Creating a Corporate Compliance Program

Regulatory compliance is an evolving concept that must be flexible enough to adapt to both a company’s unique business climate and to changing regulatory circumstances. Although standard operating procedures (SOPs) are a compliance tool and can and should be strongly recommended, they cannot become the end of a process. Compliance is not a set of standards or procedures that sit on a shelf until something goes wrong. Instead, compliance requires thought in creating a code of conduct and in setting up a process to allow for internal complaints and to test a company’s rate of success or failure. Anything less is doomed and — in a worst-case scenario — will encourage fraud and severely affect a company’s reputation and financial bottom line.


Compliance Is Driven By Statutes and Regulations

The biopharmaceutical industry has many federal laws, regulations, and guidance documents. Among these are the False Claims Act; the Foreign Corrupt Practices Act; the Food, Drug and Cosmetic Act; the anti-kickback law; the Pharmaceutical Research and Manufacturers of America (PhRMA) code; and numerous “off-label” and program guidance documents issued by the Food and Drug Administration (FDA), the Department of Health and Human Services’ Office of Inspector General (OIG), and other federal agencies. How these may be implicated is an important initial consideration in crafting an effective compliance program. Companies need to know where the risks lie.

Federal Laws: False Claims Act violations stem from knowingly presenting or causing to be presented a false or fraudulent claim for payment or approval; knowingly making or using a false record or statement material to a payment of a false or fraudulent claim; and/or conspiring to defraud the government by getting a false or fraudulent claim paid or allowed. The statute allows “relators” (basically, whistle-blowers) to sue on behalf of the government and keep a portion of the monies recovered.

The Foreign Corrupt Practices Act criminalizes bribery directed at foreign officials to gain a business advantage.

The Food, Drug, and Cosmetic Act provides that it is illegal to introduce a misbranded drug into interstate commerce. It also states that false or misleading labels constitute misbranding, as do inadequate warnings and directions.

The anti-kickback law makes it illegal to offer to pay to induce a person to purchase or order any item or service for which payment may be made under a federal healthcare program or recommend purchasing or ordering such an item or service. A person need not have actual knowledge of the statue or a specific intent to violate it.

Under those federal programs, companies and responsible corporate officers can face extensive civil and criminal liability. Civil liability can include penalties and debarment (also called exclusion) from participation in government programs. Such debarment would be a career killer. The government’s power goes further, however, and includes criminal liability. In addition, the nature of owner and officer liability has been expanded to cover individuals with no actual knowledge of wrongdoing.

State laws have similarly onerous compliance “hammers,” penalty provisions, and criminal consequences. Moreover, plaintiffs’ lawyers are often waiting to pounce and impose additional civil liability upon noncompliers.

Simply put, the antifraud regime is sufficient to cause many sleepless nights for corporate compliance officials.

General Suggestions for Improving Corporate Compliance

Achieving regulatory compliance requires more than legal knowledge. A commitment to compliance is required — both in writing (e.g., SOPs) and in practice. All compliance programs should be accompanied by general provisions confirming a company’s commitment to ethical conduct and communicating an expectation that employees and external consultants will comply with the law. Just as important, employees should be required to promptly disclose mistakes and unethical behavior of others, avoid conflicts of interest, accurately maintain all required information, and protect the confidentiality of specified information. It must be understood that fraud will not be tolerated.

General compliance provisions are often maintained as the initial SOP within the suite of SOPs and can define the nature of what is expected of employees and what will not be tolerated. Anything less than a firm, written elucidation of these principles will leave “grey areas” about which employee interpretation will reduce corporate compliance. Failure to adopt strong, written procedures also invites a time-wasting discussion about what is and is not appropriate, as well as after-the-fact questions. Operating under a “time is money” theory, such discussions do not optimize corporate resources at the same time that they are reducing compliance.

Additional Thoughts on Specific Compliance Programs

What follows is a short summary of proposed topics for inclusion within SOPs for pharmaceutical and medical device companies.

Get proactive. Revisit corporate policies and add new procedures now. Delaying the process increases the risk of noncompliance today.

Focus on SOP definitions. For example, define advertisement to add or exclude microblogs (e.g., Twitter) and social networks (e.g., Facebook). As a further example, consider quoting statutory definitions to ensure that misbranding, “true statements” and “fair balance” requirements are defined as key components for promotional review SOPs.

Enforce protocols. Make sure that compliance protocols are being followed now.

Don’t ignore medical staff. Ensure that medical personnel have appropriate say in issues involving medical or scientific review. Use the existing corporate structure so that, for example, sales staff will not be charged with responding to outside medical inquiries unless medical personnel are controlling the substance of the response.

Guidance documents are important. Robust compliance programs should focus on government-issued guidance. Guidance documents signal the FDA’s current thinking on a topic. They may not, however, provide a complete legal defense to certain activities because guidance does not carry the force of a rule adopted after a formal comment-and-response period. Nevertheless, FDA guidance is critical to any compliance program. Recently issued documents cover topics such as the method by which pharmaceutical companies should respond to unsolicited requests for off-label information about prescription drugs and medical devices. The FDA’s current guidance calendar indicates that we can also expect in the near future to see guidance on drug-sample distribution as well as standards for securing the drug supply chain.

Pay attention to details. Verify the accuracy and completeness of, for example, labeling information, both for pharmaceuticals and medical devices.

Allow for complaints. Provide an in-house process for anonymous complaints to be given and then include a process to review them. Such a process can prevent “w
histle-blower” complaints, including those which may be raised by disgruntled employees against whom employment action has been taken for legitimate reasons. Ignoring complaints will only lead to grumbling employees whose festering comments will arise in the context of an adverse employee event (e.g., suspension, firing) or be given to the government. A process designed to achieve compliance will allow the employee–employer dialogue to take place and trigger action on compliance problems before they get worse.

Develop a system for adverse-event reporting. Establish procedures for inputting and managing adverse complaints received from outside of the company which, in some regulatory areas, is required by law.

Don’t forget quality. Create and follow a quality plan. After all, corporations are in business to do business. Quality products and services are good for business.

Assess and audit. Assess compliance efforts, for example, by internal audits. Install a process to continually (and randomly) test future compliance. If the compliance program is not “pressure tested,” then there is no effective way to ensure it is working.

Correct mistakes. Ensure that timely corrective actions are taken when necessary.

Stay informed. Remain on guard for changing circumstances, changing laws, and situations that just don’t “smell” right. Procedures that fail to change with changing times become just another written textbook collecting dust.

Keep records. As appropriate, document proactive assessment and corrective measures. If SOPs require documenting of certain quality control actions, then ensure that such documentation is always created. Coincidentally, an adequate audit process will uncover recordkeeping mistakes.

Create a corporate investment that involves people. Obtain a commitment to compliance that transcends all internal corporate levels so that each level and each director is aware of issues and is invested in positive results.

Continue to follow SOPs. The FDA recently issued a warning letter to a medical device company that allegedly failed to follow existing SOPs (e.g., performing risk analyses and undertaking validation testing of design changes). SOPs are meaningless without a commitment to adhere to their terms.

Following up those general principles with specific and internally enforceable policies is the first step to ensuring that all officers, responsible managers, and staff personnel understand the effort required for, and the substance of, a functioning compliance program.

Commit to Excellence

Reports of antifraud allegations, complaints, and billion-dollar settlements abound. Such reports clearly indicate that many government agencies (e.g., FDA, OIG, states, and so on) are committed to enforcing antifraud provisions to level the regulatory playing field. Perhaps, the government is also focusing its enforcement efforts to increase revenues and help to balance tight budgets.

But the fear generated by news reports is never enough to obtain compliance that can be sustained over the long haul because fear alone does not incentivize directors, officers, and employees to focus on compliance rather than the operation of a business. Only a commitment to excellence from the top down will have the lasting effect sought by corporations and compliance officers alike. It will also create an organization in which compliance and business generation are properly perceived as symbiotic rather than at odds.

About the Author

Author Details
Corresponding author David Restaino, Esq. is a partner in the Princeton, NJ office of Fox Rothschild LLP; 1-609-895-6701; [email protected]. Leslie Gladstone Restaino, Esq. is general counsel of Validus Pharmaceuticals LLC.

You May Also Like