Implementing effective third-party frameworks in the life sciences industry leading practices and challenges

Similar documents
Industry insight and global experience: the intelligent connection

Third-party risk management. EY Integrity Diligence

Fraud Investigation & Dispute Services. Forensic analysis and global experience: the intelligent connection

Business integrity and sustainable growth: making the intelligent connection Fraud Investigation & Dispute Services

report that their financial impact of all fraud, corruption and/or money laundering incidents is over per incident

Reducing fraud, bribery and corruption in your private business: 6 things you can do now

Detecting and responding to fraud: making the intelligent connection Fraud Investigation & Dispute Services

Surveillance Program Design and Behavioral Analytics Implementation

Big risks require big data thinking: EY Forensic Data Analytics (FDA), powered by IBM

How can a transparent and effective corporate governance culture support the governance framework?

EY license compliance manager for SAP software. Forensic Technology & Discovery Services

Data integrity forensics Bring transparency and trust to third-party data use

ATTACHMENT C CORPORATE COMPLIANCE PROGRAM

What role could the finance function play in a 4.0 world?

ISO International standard for compliance management

EY Center for Board Matters. Leading practices for audit committees

Mini Summit VI - MANAGING THIRD PARTY RELATIONSHIP RISKS

If an employee goes rogue, how will you know?

PostNL group procedure

EY Forensic & Integrity Services

How does treasury adapt to the finance function of the future?

ESTERLINE ANTI-CORRUPTION PROGRAM CHARTER

ATTACHMENT B CORPORATE COMPLIANCE PROGRAM. In order to address any deficiencies in its internal controls, policies, and procedures

Are you ready for conflict minerals reporting?

Private company insights. Balancing the motivation for an IPO with the pros and cons

Digital Passport. Transforming SME banking through customer-permissioned data exchange

Anti-corruption internal audits. A crucial element of anti-corruption compliance

Can the EU Directive on nonfinancial reporting give you a competitive advantage?

Protecting your private business from fraud

Training services for business professionals

EY Anti-Bribery and Anti-Corruption tool

Big data strategy to support the CFO and governance agenda

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Effective implementation of COSO s new anti-fraud guidance

Oil and Gas services

Best Practices for Vendor Risk Profiling

It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends

Are you ready for the first Forensic Trailblazer Award?

CORPORATE COMPLIANCE PROGRAM

Know Your Trader (KYT) Analytics Services. Identifying rogue trader and compliance risks by focusing on the information flows

Finance for Non- Finance Executives

Managing Compliance Risk in M&A, and Special Considerations for Joint Ventures

Accounting policy and governance

FCPA COMPLIANCE PROGRAMS

Fraud Investigation & Dispute Services. Forensic analysis and global experience: the intelligent connection

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

Strengthening accountability in banking

Improving your finance function effectiveness

The compliance implications of valuebased. October 2017

Balanced Score Card and Performance Management January 2018

GDPR: what you need to know

Creating an agile control environment

Payments the new player domain. How EY can assist

BCBS 239 Risk data aggregation and reporting

Ready for takeoff? Overcoming the practical and legal difficulties in identifying and realizing the value of data. Self-assessment guide

People, process and technology

How long can you play not to lose before you eventually do?

What is hiding in your procurement to payment cycle? 24 September 2013

Heightened standards for compliance risk management. Lines of defense compliance s role

Third Party Distributor Monitoring Program and Measuring Success

The Ten Commandments of Information Governance & edisclosure 2015

Designing a finance function to meet tomorrow s challenges

Governance and reporting. How can boards navigate their way through a changing regulatory landscape?

Easing the burden of data privacy compliance

Driving improved supply chain results Adapting to a changing global marketplace. The COO perspective

Automotive finance. October 2014

EY Center for Board Matters Boards and internal audit

Amgen GLOBAL CORPORATE COMPLIANCE POLICY

boards King IV TM update Leadership, Ethics and Corporate Citizenship

Project Management Fundamentals Doha, Qatar:

5 key elements of effective compliance training

EY Training Effective Executive Secretary

Launching a hedge fund building the operational foundation for success

Navigating the complexities of VAT and customs in the life sciences industry

Next steps for CCO compliance. Helping financial services institutions respond to the UK s new corporate criminal offence

Making a fast start for your capital projects. Power and Utilities Maturity Model and Architecture

Can drones & AI-enabled document analysis support audits in the future?

I. GENERAL STATEMENT. Corporate Procedure Number: IMCP Subject: Ethics and Anti-Corruption. Date Issued: March 11, 2016

Growing opportunity, growing business. EY s financial services practice in ASEAN

EY Alumni Network Portal. How to register

Bringing patients into focus

Information governance for the real world

Developing high performance teams. 2 3 October 2017

IPO readiness. Save time and costs and increase transaction certainty by adopting a structured approach to your IPO journey

Fraud Risk Management

How can greater supplier diversity unclog your growth pipeline?

CFO attestation: building a sustainable process

Customer Service Skills October 2017

Managed ediscovery Services. Fraud Investigation & Dispute Services

The credit card industry: navigating an evolving environment. EY Advisory Services

This Session Uses Polling

Fraud Investigation & Dispute Services

EMEIA service provider survey 2015 results. Building trust with your clients in an outsourced world

Making culture count. Strengthening culture for better risk and compliance outcomes. February 2018

Delivering tomorrow s companies today. How global business services can transform your business. The CIO perspective

EY Training Internal audit in practice: audit report writing skills

Boards and internal audit: Working together to strengthen risk management

Could (and should) you be looking proactively at data to find corruption?

Transcription:

Implementing effective third-party frameworks in the life sciences industry leading practices and challenges

Introduction The recent enforcement environment has reinforced the risks associated with third-party intermediaries. Of the reported corruption-related cases in the recent past, more than 90% of them involved misconduct by intermediaries. This topic poses extra challenges, especially for life sciences companies, as they frequently work with large numbers of intermediaries during the entire life cycle of a drug or device (from the research and development phase through sales and distribution to pharmacovigilance), and the industry itself is highly regulated. The US Foreign Corrupt Practices Act (FCPA) Guidance (2012), UK Bribery Act Guidance (2011), OECD Recommendation for Further Combating Bribery of Foreign Public Officials in International Business Transactions (2010), published US Department of Justice and Securities and Exchange Commission Deferred Prosecution Agreements (DPAs), Non- Prosecution Agreements (NPAs) and US Corporate Integrity Agreements (CIAs) provide guidance on transacting with and monitoring of intermediaries. It is important to remember that an intermediary framework is only one part of a larger corporate compliance framework. It should not be viewed as a stand-alone and cumbersome process, but rather should be integrated into the overall process and culture of a life sciences company. What is an intermediary? Intermediaries are those entities or individuals that represent a company in the marketplace or interact with other third parties on behalf of a company or relating to the company s products. In their capacity as representatives of the company, any misconduct by an intermediary may reflect directly on the company itself. Among others, these intermediaries can be distributors (including those who take title to the product), wholesalers, travel agents, lobbyists, consultants, contract manufacturing organizations, contract research organizations, contract sales force, joint ventures and others. These intermediaries often interact with government officials, health care professionals or health care institutions and may expose life sciences companies to significant corruption risks. In order to assess whether a company is working with a reputable intermediary, as recommended by the various regulations and legislations previously mentioned, a company needs to have an effective intermediary framework in place. Elements of an intermediary framework 1. Due diligence The first step in any intermediary framework is the identification and retention of the intermediary. The reputation of the intermediary that is about to be retained should be of key significance to a company as is the reason why it is to be hired and how much it will be compensated. Risk assessment There are many steps that can be followed during a due diligence process. In order to design and implement a consistent and effective approach, companies should conduct a documented risk assessment process and give a risk ranking to each type of intermediary depending on the service they provide, the level of interaction they have with government officials or health care professionals, and the location in which they are based and they are expected to operate. The FCPA Guidance and the recently published DPAs identify risk assessment as a key element of any compliance program. Due diligence procedures Based on the risk ranking of each category of intermediary, the due diligence procedures to be conducted may change. These procedures may include: 2

1. Completion of a questionnaire by the intermediary to provide background information on itself as well as answer questions around its willingness to comply with anticorruption rules and to permit a right to audit clause in its contract 2. Completion of a questionnaire by the businessperson who wants to retain the specific intermediary to provide information on the reasons for hiring them (versus handling this service in-house) and justify the compensation to be paid 3. Completion of integrity diligence checks on publicly available information and licensed databases. Companies should consider running Due Diligence Considerations: Consistency and efficiency of the process: Some life sciences companies use online solutions in order to ensure that each intermediary (based on their risk rating) goes through a similar scrutiny and that the process and related documentation are traceable and reviewable. Identification of the department that will be responsible for the process: In many life sciences companies, the process is managed by corporate compliance but conducted by the local business. Privacy regulations: In certain parts of the world, due to privacy regulations, certain questions cannot be asked on the questionnaires that will be completed by the intermediary. In order to ensure the relevant laws are followed, the legal these checks in local language of the countries in which the intermediary is based and/or will be providing services 4. If necessary, conducting on-site visits and interviews with key officers of the intermediary The intermediaries ranked as medium and low risk may undergo limited procedures. However, at a minimum, basic information on each intermediary should be documented. After the review of the relevant information obtained, specific red flags may be identified. Not all red flags mean that the company cannot work with that specific intermediary, as some of the red flags may be department should be included in the creation of each version of the intermediary questionnaire. Related to this is consideration of the anti-monopoly regulations of the countries in which the intermediary is based. Russia is one example of such countries where antimonopoly rules may impact a company s ability to terminate an intermediary because of due diligence concerns. Comprehension by the intermediary of the importance of the process: In order to ensure that the intermediary understands the questions it is answering, the life sciences company should consider translating the questionnaire into the local language of the intermediary. In addition to this, it would be important to educate the intermediary on the false positives (for example, in Asia or the Middle East, certain names are very common, which may lead to unrelated individuals being flagged for improper activity). However, there are certain red flags that companies should consider as significant (for example, the intermediary does not agree to comply with the US FCPA or the UK Bribery Act). Depending on the resolution of the red flags, the intermediary may be retained. Either way, documentation should be completed and archived showing the results of the due diligence and the decision made in case evidence needs to be provided to a regulator in a subsequent investigation. completion of the questionnaire in order to minimize any issues later on in the process. Educating the intermediary may also assist in obtaining the buy-in of the intermediary for full cooperation with the process. Buy-in from the business: In order to make sure that the company receives timely and relevant support from the business, training sessions should be held with the business explaining the importance of these procedures prior to rollout of the process. Systematic controls: Internal controls should be incorporated into a company s financial systems to ensure that intermediaries rejected as a result of this process cannot subsequently be entered into the system, bypassing the due diligence process. 3

2. Contracting Only after completion and approval of the due diligence should a written contract be entered into with an intermediary. Among other clauses, the contract should include the relevant warranties and representations, which may include: Compliance with the relevant antibribery laws Compliance with the internal policies of the company A broad audit clause with access to any books and records relating to the company s business as well as the intermediary s compliance framework Agreement to provide a certification of compliance on an annual basis The right to terminate the agreement for breach of contract 3. Training Intermediaries should be trained on the company s policies and expectations immediately after entering into a written contract. In-person training, provided to a representative of the intermediary, is the best way to conduct this training. It would then be expected that the intermediary representative would roll this training out to the relevant employees at the intermediary. The training can then be refreshed on an annual basis or as needed. One consideration here is which intermediaries should receive the training and by which method (as in-person trainings may not always be possible, due to resources as well as the location of the intermediary). The risk categorization of the intermediaries conducted prior to this process may be used as a deciding factor. 4. Monitoring Monitoring is a significant part of an intermediary framework. The monitoring process may include: a) Forensic data analytics as a stand-alone monitoring activity or component of any of the following processes b) Periodic certification of compliance and anti-corruption training c) Periodic renewal of the due diligence and acceptance procedures d) Special payments review, possibly using data analytics (including review of discounts, credit notes, etc.) e) On-site reviews (exercising audit rights) a) Forensic data analytics The increased burden on compliance, internal audit and legal departments created by regulatory agencies recommendations to monitor intermediary risks, coupled with staggering increases in the volume, velocity and variety of business information available to organizations, has emphasized the need to use forensic data analytics to monitor an organization s payments to its intermediaries as has the need for life science companies to enhance their risk assessment process, identify potential misconduct and detect outliers before they become issues. Companies often approach reviews of data through sampling techniques rather than analysis of the entire data universe. Review of large magnitudes of data through manual and linear processes, such as spreadsheets, has the capacity to become a difficult and unproductive activity through which companies may not be able to effectively manage their risk. The incorporation of various analytic techniques across multiple data sources increases governance of risk and enables organizations to establish an effective intermediary framework. Additionally, a monitoring program based on data analytics helps organizations avoid unnecessary costs by transforming large and disparate data sources into actionable analyses and trends that help leadership address critical issues. 4

Life sciences companies are responding by integrating big data, statistical and qualitative analysis to identify issues through in-house developed solutions and management consulting models. These types of analyses often go beyond the review of single data sources, such as payment stream activity, and leverage additional data sources. For instance, effective monitoring of wholesale distributors should not only include sampling of payment activity, but also include qualitative reviews, such as price variances, profit margins, inventory, write-offs, free goods or even the country in which services are provided/to which payments are made. Another type of analytical approach to intermediary monitoring includes the use of unstructured text fields within structured data. Keyword searches for suspicious terms conjugated with select noun, phrase and concept extraction can provide insight that is not easily obtained through other types of data attributes, such as payment amounts, dates or locations. Organizations can take these techniques further by incorporating data visualization techniques that allow users to trend outliers to quickly identify patterns of behavior and differentiate isolated incidents from systemic behaviors. b) Periodic certification of compliance and anticorruption training At least on an annual basis, or as necessary, the intermediary should submit a document certifying compliance with the company s policies as well as relevant laws and regulations. In addition, on a regular basis, perhaps annually, the company should provide refresher training to the intermediary. All training records should be retained by both the life sciences company and the intermediary. c) Periodic renewal of the due diligence and acceptance procedures At least once every three years, or as needed (for example, ownership change of the intermediary), due diligence procedures should be renewed. d) Special payments review Many intermediaries receive their compensation in a variety of ways, including commissions, fixed salaries, credit notes, free goods or rebates, in addition to getting reimbursed for expenses incurred. Some of these payments, such as credit notes, may not be as transparent as bank transfers. Thus, it is very important to perform a review of all types of benefits provided to intermediaries on a periodic basis to ensure that they are in compliance with the contract, appear reasonable and are supported with sufficient supporting documentation. One topic of interest during these reviews might be discounts that are given to the intermediary and their reasonableness. Distributors, for example, as part of their regular business, purchase products at a discount, which is usually set out in a written agreement. In certain situations, in order to be able to participate in a tender, for instance, the distributor may request additional discounts from the company. The justification and the documentation of these additional discounts, if they are approved, are very important. Companies should consider the frequency, amount and the nature of the end customer that will benefit from these additional discounts, prior to agreeing to them. There have been public cases in recent years where these additional discounts provided were used as improper payments to health care professionals. Another consideration during this review may be to conduct an analysis of the number of intermediaries used to provide the same type of service in one country. Using a high number of similar intermediaries may lead to inefficiency in a company s operations as well as raise question marks as to the purpose of their use. Data visualization techniques can be particularly helpful in conducting such reviews by plotting historical, geographical and spend-related trends. 5

e) On-site reviews (exercising audit rights) Merely having an audit clause in contracts with third parties is not sufficient if this right is not exercised. Exercising this clause may identify any weaknesses in the compliance or business structure of the intermediary and, just as importantly, it gives the message to the intermediary that the life sciences company takes compliance with laws and the contract very seriously. Recently published DPAs require companies to include right-to-audit clauses in their contracts with intermediaries. In general, due to the high risks associated with them, these reviews are conducted mostly on distributors. However, other high-risk intermediaries may also fall under the scope of these reviews (e.g., Clinical Research Organization (CRO), travel agencies). Length and scope of the review Depending on the size of the intermediary, the services it provides (promotional activity, merely distribution, etc.) and the sophistication of the intermediary, these reviews can take as long as a few weeks or as short as a few days. The length of the review is also related to the period in scope. If it is a new intermediary for which a review has never been done or has come through an acquisition, companies may choose to have a longer-scope period (e.g., three years). For larger intermediaries or longer-scope periods, companies may consider the use of forensic data analytics to increase efficiency and effectiveness of the review. On-site reviews comprise interviews and a financial review of data relating to the company s business. The process should not only focus on the intermediary s business relating to the life sciences company and its compliance and financial framework, but also on the existing monitoring activities performed by the life sciences company on the intermediary and their effectiveness. An effective intermediary framework must be easily achievable, consistently applied and documented, all of which would allow for the process to be audited or scrutinized by internal or external parties, should a need arise. Based on the laws and regulations in place, companies need to remember that it is no longer nice to have an effective intermediary framework, rather a requirement to have one. On-site review challenges include: The existence and the extent of the right to audit clause in the contract: The clause should be comprehensive enough to include the extent of the review that will be undertaken (e.g., not purely a financial review, but also an understanding of the compliance framework). Timing and methods of communication with the intermediary plays a significant role in these reviews. It is important to obtain the agreement of the intermediary for full cooperation prior to arriving on-site. Sophistication of the intermediary s financial systems: It is very common for an intermediary to have only one financial system and lack of segregation between its records relating to its different customers. As a result, reliance on the information provided by the intermediary would be limited as it cannot be verified independently. One way companies can get around this is by putting a clause in contracts requiring the intermediary to segregate its books and records relating to the specific company. Local regulations of the country in which the intermediary is located are very important. Russia, for example, as also mentioned above, has very strict anti-monopoly laws, which, based on recent published cases, might prohibit including certain clauses in contracts. Accordingly, legal advice should be obtained while working in different regulations. Frequently, intermediaries raise confidentiality concerns around providing documentation as they also work with other life sciences companies. As a result, these reviews are usually conducted by a team of external consultants with experience in this field. 6

Author Melda Tanyeri is a Director with EY s Fraud Investigation & Dispute Services Practice, based in the UK and a member of the Global Core Life Sciences Team. She has previously worked in EY s New York and Paris offices. She can be reached at mtanyeri@uk.ey.com or +44 20 7951 6953.

EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. About EY s Fraud Investigation & Dispute Services Dealing with complex issues of fraud, regulatory compliance and business disputes can detract from efforts to succeed. Better management of fraud risk and compliance exposure is a critical business priority no matter what the industry sector is. With our more than 3,200 fraud investigation and dispute professionals around the world, we assemble the right multidisciplinary and culturally aligned team to work with you and your legal advisors. We work to give you the benefit of our broad sector experience, our deep subject matter knowledge and the latest insights from our work worldwide. 2015 EYGM Limited. All Rights Reserved. EYG No. AU3136 BMC Agency GA 0044_01903 ED None In line with EY s commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content. This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice. ey.com

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback