Reducing the Risk of Noncompliance

Pharma and medtech companies are spending more management time and resources on compliance than ever before, but compliance problems continue to grow. Noncompliance warnings in the healthcare industry have risen sharply over the past five years, as have medical device recalls and drug shortages due to quality problems. And those issues add significant cost and risk to the business.

What’s changed? Compliance requirements around the world have multiplied since 2000. At the same time, pharma and medtech product portfolios and organizations have grown rapidly and become more complex. That combination has created a perfect storm in compliance for many leadership teams.

A complicated path  

For decades, growth has been the industry’s top priority, and many companies have assumed that every dollar of revenue would fall to the bottom line. Instead, growth has brought complexity, and along with it, many hidden costs. As our colleagues state in the recently published book The Founder’s Mentality, “Complexity is the silent killer of growth.” It slows innovation, time to market, and impedes decision-making across the entire organization. In fact, for many healthcare companies, unfettered investment in growth actually creates a drag on the core business. Complex product portfolios, organizations, processes, and geographical footprints also increase a company’s vulnerability to compliance delays and oversights, including late filings and failure to update critical registrations.

Complexity is not the only cause of noncompliance, but the more complex a pharma portfolio or organization, the more difficult it is to maintain a rigorous approach to compliance. One of the best ways leadership teams can manage that risk is to routinely review and simplify the business wherever they can, pruning product portfolios and streamlining the organization, processes, and geographies. Simplifying has a triple benefit: It improves patient safety, reduces the likelihood of compliance problems, and creates healthier portfolios that can grow faster.

The cost of noncompliance can be substantial: Taking a Corrective and Preventive Action (CAPA) can total up to $10,000; addressing a warning letter may cost $2 million for a simple fix or up to $20 million if it requires changes to production; and resolving a consent decree can top $100 million. Complexity

can also lead to increased capital investments, higher operating costs on legacy products, supply chain distortions and inefficiencies, and surging costs to address compliance problems in real time. In the worst case, regulators can demand that companies pull products from the market.

Many pharma and medtech companies know the downside of complexity all too well. As steady growth expands compliance requirements, it can overwhelm the people and systems responsible for maintaining up-to-date licenses, labels, and filings with national authorities. At the same time, increased complexity makes it harder to effectively manage surveillance systems that monitor complaints and inquires, including pharmacovigilance (PV) and post-market surveillance. That can create delays in responding to health authorities.

A more complex product portfolio also creates a much higher level of noise in the system. Companies spend more time tracking and filing reports on legacy products with low sales and proven safety records, detracting from the ability of quality, regulatory, and PV staff to focus on the important signals affecting patient safety.

Finally, rapid growth generates greater variance and complexity in the manufacturing process. That, in turn, can lead to problems with outsourcing partnerships, including quality control, handoffs, and reliability of supply. It can also produce a mismatch in equipment or process capabilities between R&D and operations, limiting process standardization and impeding quality control when transferring technology.

Getting to the core  

One natural response to complexity is adding people to manage compliance functions. That approach, however, addresses the symptoms of complexity without tackling the underlying issues. It’s a costly reaction that, in our experience, rarely reduces compliance risk. In fact, large, resource-intensive compliance departments often struggle with efficiency. 

Complexity increases the underlying risks of noncompliance. The consequences can include interruption of the drug-substance supply chain, late filings, or out-of-date registration, which often lead to pulling products from the market. Both medical device recalls and new-drug shortages linked to quality problems have risen sharply over the past five years.

What are the warning signals that noncompliance is reaching a danger point? There are many, but a couple of key indicators are worth watching closely. One is an increase in errors in tracking, filing, and updating of registrations. A company’s regulatory department in any given country typically spends more than 50% of its time just keeping the portfolio in compliance. An ever-expanding portfolio can put constant strain on in-country resources and processes. When a portfolio is complex, even small changes can lead to a cascade of required updates. These constant, incremental additions can overwhelm local systems, especially IT and document management, increasing the risk of expensive work-arounds or errors in filings.

A second warning signal is product code proliferation, which often arises when companies enter new markets with unique label language or regulatory requirements. A surge in product codes can undermine manufacturing quality in two ways. First, additional country-specific batches can sharply increase production activity. For many manufacturers, increased production alone heightens the risk of noncompliance. On average, the number of batches produced at each site accounts for 30%–50% of the quality. Second, changes to testing and labeling can undermine quality. With product code proliferation, simple or routine changes suddenly can become difficult to implement by the required deadlines.

Another red flag: frequent variations in test methods, equipment, and raw materials, and especially the introduction of nonstandard production requirements. Each time a company alters these factors, it can slow the production process and add significant risk.

Finally, frequent policy changes can signal risk. Companies may need to implement policy changes to accommodate local health authorities when entering new markets or update policies to reflect nuanced requirements of individual products, even those with very small volume. When companies change policies frequently, due to internal or external factors, managers often don’t pay enough attention to implementation, which increases compliance risk. Local offices may require corporate support in drafting local policies, infrastructure investments, additional resourcing, and capability-building. In a worst-case scenario, complex policies can result in conflicting guidance at local sites. 

Companies that fail to read these warning signs and understand the link between complexity and compliance may take steps that improve a single function, but not consider the aggregate impact of their actions, setting off a doom loop that leads to ever-increasing compliance risk and cost.

Leading companies reduce the risk of noncompliance by simplifying across the spectrum of products, organization, processes, and geography. Their approach typically includes five steps:

Diagnose the problem. Collect data on complexity using the quality, supply chain, PV, and other surveillance systems to analyze the primary causes of compliance risk.

Define the goal clearly. Develop an action plan for transforming the portfolio, including stock keeping unit (SKU) reductions, geographic footprint restructuring, and policy changes.

Identify the cost of complexity and build the business case. Assess the cost and revenue opportunities that can reduce complexity, and use facts gathered on complexity, compliance, and risk assessment to make the business case for change.

Create alignment across the organization. Ensure experts from each part of the value chain coordinate openly to determine the right balance of complexity, profitability, and compliance.

Track complexity and keep it out. Make sure the underlying surveillance systems monitor complexity across the company, including product portfolio, quality control, and compliance.

The most effective way to reduce compliance risk is to simplify the portfolio and organization, eliminating the root causes of complexity. Companies that take action before problems surface will create significant value, improve patient safety, and manage growth more effectively.  

Maria Gordian is a partner with Bain & Company based in New York. She can be reached at maria.gordian@bain.com. Jason Evers is a partner in Bain’s Chicago office. He can be reached at jason.evers@bain.com. Both are members of the firm’s Healthcare practice.