Asia’s Complex Compliance Landscape

Examining the key compliance challenges prevalent in the Asia-Pacific region-and the unique country-by-country variations and adherence to the “speak-up culture”

Although it is a longstanding business practice to divide international functions into a handful of huge geographical territories, each comprising what can sometimes be a daunting variety of local cultures, languages, and policies, tackling Asia-Pacific (APAC) as a “standalone” region is particularly complex. This complexity can be amplified when crafting an organizational approach to compliance, which in itself is notably susceptible to the fluctuating influences of cultural identity and ingrained behaviors. Both established and developing markets can present their own set of problems. Japan, for example, is still finding its way toward a “speak-up culture.” The vastness of India is subject to its own array of regional variations. And parts of Southeast Asia-smaller countries such as the Philippines and Indonesia-still suffer from emerging market problems, with the issues of corruption and small or non-existent compliance functions.

Compliance maturity

There is broad agreement that the general concept of compliance-and the building of compliance teams-has evolved considerably in APAC in recent years. “When I first moved to Beijing in 2008, there were only a couple of dozen people who had compliance on their business card,” says Eric Carlson, a partner at Covington & Burling, now based in Shanghai. “It just wasn’t a job in China then. Ten years later, there are several thousand people working in compliance.” 

Ann Beasley, a director in Navigant’s healthcare and life sciences governance, risk management and compliance practice, says, “I was really impressed with the quality of the people I was interacting with at the Pharmaceutical Compliance Forum conference in Asia last year.” She adds, “Just a couple of years earlier, there was more naivety around the concepts of compliance. The level of conversation sophistication is definitely higher now.” 

Maria Eugenia Quindimil, executive director, JAPAC regional compliance at Amgen, toldPharm Exec that the company’s new hires in the region are given “a significant induction training in compliance, including all relevant internal SOPs, regulations, code, and local laws.” She explains: “Besides the induction training, the worldwide compliance and business ethics (WC&BE) function implements a competency model assessment to all (new and mature) compliance professionals to ensure right developmental actions will be implemented during the year.”

There is, however, the issue of “compliance maturity,” which still leaves the problem of “massive demand and very limited supply in the region,” says Carlson. In China, he explains, nearly all of the compliance

Eric Carlson

professionals “have emerged in the last seven years or so.” While multinationals “are desperate for seasoned compliance officers, there are very few people with more than six or seven years’ experience, and almost no one with 10–15 years’ experience.” 

The result is that most of the people leading compliance functions in China are relatively young. “There’s nothing wrong with that, per se-they can bring novel ideas and can be more proficient with new technologies-but we see a lack of industry experience and sometimes a lack of maturity of judgment when it comes to handling difficult or novel situations,” says Carlson. “Compliance is about making difficult choices about limited resources and managing and balancing risks. That can sometimes cause problems when you have someone who has a senior-level job title but a junior level of experience.”

In addition, even a long-established market can harbor some cultural resistance to compliance. On the issue of Japan’s “speak-up culture,” for example, Beasley observes, “When I was working in Japan years ago, even the compliance and legal people were not necessarily identifying issues and raising them.” In China, notes Carlson, there has “never been much of a problem with people speaking up, but this depends on the individual company, of course.” In Korea, employees were quite reluctant to share information outside of the company or outside the country, but Carlson says that this has changed over the last few years, as “society, in general, is becoming more aware of things like corruption.” Like everything else, the “speak-up” issue varies strongly country by country. But Carlson says that “the good companies are doing what you expect them to be doing: establishing hotlines in local languages and actually responding to and investigating information received.” 

Amgen, for example, is “committed to working on this topic from within,” says Quindimil. “All of our staff is encouraged to understand and adhere to our Business Code of Conduct, and we have channels to report concerns through the Business Conduct Hotline that guarantees anonymity and confidentiality.” Amgen will also launch a new campaign at the end of Q4 2019 called “Safe to Speak up – Listen up,” which “will be not just for the individual employees but for the managers to interact with their employees whenever concerns are

Maria Eugenia Quindimil

raised,” says Quindimil.

Large and small

Not surprisingly, the biggest multinationals “are typically quite robust when it comes to compliance in the region,” says Carlson. They have a lot more people on the ground, as well as sophisticated electronic systems for tracking and monitoring. In China, he explains, “There’s a huge amount of visibility across a company’s different functions, a huge amount of awareness of what’s going on, and an ability to see real-time problems.” While big companies still have problems, “they tend to be more modest and more isolated; you typically don’t, for example, have whole sales teams or entire regions doing what they’re not supposed to be doing,” says Carlson.

For Beasley, however, the multinationals “are in a difficult place.” She says: “They can have fragmented systems, fragmented policies; when they grew and became multinationals, people weren’t thinking about these things. It’s easier to build than it is to fix. To align a multinational on a similar process and similar technology is a massive undertaking. And, initially, they won’t get a whole lot back, because they haven’t been able to look at the data, which has all been hidden in little pockets or on spreadsheets or on local systems.” 

Smaller companies, however, “started to think about things like that earlier,” says Beasley. “They tend to be more SAS- and web-oriented, and don’t have the kind of “clumsy and clunky systems” that require a lot of internal tweaking to get the systems aligned. “Weaning a large company off clunky systems, however, is really hard,” says Beasley. “Part of it is down to who’s going to pay for it. Not all the countries are going to buy in, because they don’t see the benefit; they’ve already got something that works for them locally. So, it’s a real philosophical challenge for some of the big companies, as well as a technical challenge, a man-hour challenge, and a financial challenge.” 

She notes, however, that the big companies “are now really starting to think about APAC as part of a broader global risk profile as well as a source to achieve insights across the organization.”

The third-party question

Adding to the challenge of standardizing procedures across the APAC region is “a trend where companies are consolidating their legal and compliance roles and, in effect, reducing headcount,” says Beasley. “They may just have one person for APAC, for example.” She explains, “Part of me understands this, because corporations are starting to think more about global minimum standards. But how people understand and deal with challenges is internalized differently in each of these very different markets.”

Ann Beasley

And Beasley points out that the laws differ as well. “When looking how to organize the market entry business model, the head of APAC is likely looking at bringing in the most economic value for the organization,” she says. “The cost of going in direct and having the right infrastructure in place is a major challenge. For the smaller markets, it’s hard to justify having all the appropriate standards implemented.”

Beasley notes that a question that a head of APAC will inevitably face is, “Do we pay the distributors to do the market entry or do we do it ourselves?” A large pharma distributor may have the right infrastructure “but they’re not necessarily going to give you the attention, the mind space, or the bag space that you want in some of these countries.” Using smaller or local distributors opens up the third-party question, which is “really issue number one, two, and three from a compliance perspective. How can you make sure that they’re managing everything correctly?”

On this “third-party question,” Quindimil says that Amgen has “a full-scope process for third-party management, which involves due diligence, contracting, monitoring, and risk assessments. We engage third parties through an external partner to complete the due diligence reports. After this, we do a risk mitigation plan depending on the findings and kind of engagement at local levels.” 

As Amgen expands in new geographies, “there is a retrofit process to inform the WC&BE function to fine-tune the different challenges and ways of working in different countries through the JAPAC compliance head,” Quindimil adds. While Amgen’s business compliance process and systems “are the same all over the world, there are some local adaptations based on local regulations, risk matrix, and affiliate cycle management to ensure compliance with local laws and regulations,” she says.

Each culture is different when it comes to the management of third parties, not just from the perspective of the company but from the third parties themselves, notes Beasley. While Quindimil says that the region presents “an opportunity more than a challenge,” Beasley observes, “It’s a really difficult thing for some of the people who are responsible for the region to get it right. And there’s a lot of pressure on them to make sure it’s not only right but profitable.”

Pushing the balloon

As the drive for transparency and ethical business practices intensifies on a global level, the rapidly transforming APAC region will continue to present its own challenges for compliance leaders and their teams. In accordance with the points discussed, last year’s Asia Pacific Life Sciences Compliance Survey by Deloitte identified compliance maturity, the “speak-up culture,” and third-party risk mitigation as some of the areas for particular attention. At this year’s Pharmaceutical Compliance Congress Asia (CBI), the more

general takeaways were that ethics and compliance should be embedded in all aspects of the business, and that the best way to foster compliance is for the C-suite to support it. 

That conclusion, of course, seems fairly obvious. But it reminds us that, cultural variations notwithstanding, the basic tenets of compliance, and the problems associated with it, can be universal. As Carlson points out, “Compliance is kind of like pushing a balloon. Once a company figures out one way to address an issue, something else pops out that they didn’t think about. There tends to be a revolving door of different problems that companies are trying to fight against.” 

Julian Upton is Pharm Exec’s European and Online Editor. He can be reached at jupton@mmhgroup.com