Transcription
Managing growththrough bettercompliance managementA survey reportJune 2015
ForewordThe Indian Pharmaceutical sector is the third largest inthe world, growing at a CAGR of 14-15 percent between2012-161, and is expected to be generate revenuesworth USD 55 billion by 20202. With exports constituting53 percent of these total revenues, the industry hasmade significant investments in upgrading theirmanufacturing plants to international standards setby regulatory bodies such as the United States Foodand Drug Administration (USFDA), UK’s Medicinesand Healthcare products Regulatory Authority(MHRA), European Directorate for the Quality ofMedicines (EDQM), and Australia’s Therapeutic GoodsAdministration (TGA), among others.India today has about 546 facilities approved by theUSFDA3, 857 facilities approved by the UKMHRA4 and1295 facilities approved by the WHO-GMP5. Theseimpressive numbers give India the distinction of havingone of the highest number of USFDA, MHRA, WHO-GMPapproved manufacturing facilities outside of the US andEurope, exporting large volumes of medicines to theseregions. To manage such a high number of facilities andtheir compliance standards, the USFDA has opened twolocal offices with investigators based in India to facilitateinspections (surprise checks as well as notified ones).Additionally, the European Union regulatory bodies andthe US FDA now collaborate closely to share inspectionfindings and compliance gaps they identify.These coordinated efforts by foreign regulatorshave uncovered several instances of non-complianceamong Indian life sciences companies pertaining tomanufacturing practices, data management, qualitycontrol practices, as well as overall questionable industrypractices (tipped off by whistleblower complaints). Theseinstances of non-compliance have been penalized bylevying large fines, import bans (In the last two years,import ban orders have been issued by the USFDA andCanada’s Health Canada to more than 25 Indian API andformulations6), and posing threats to business, forcingcompanies to re-look at their compliance managementprocesses.To understand the perception of life sciences companiesin India on managing the challenges of regulatorynon-compliance, and their views on the state of internalcontrols as well as drug production standards, DeloitteForensic, released a survey questionnaire in August 2014seeking responses from risk and compliance professionalsin the industry. The findings of the survey have beendeveloped into this report.The majority of our survey respondents have identifiedcompliance challenges and shortage of skilled resourcesas hampering their company’s growth. In our opinion,these concerns have existed for some time withinthe industry, but recent strong enforcement actionby regulatory bodies has brought these issues to theforefront. This report provides pointers for companies toassess and take action in the area of product and processcompliance and also provides some practical insightson building a resource pool to manage forthcomingcompliance requirements.Rohit MahajanSenior DirectorNitin BidikarDirectorWe hope you find this report useful.1 Source: India Brand Equity Foundation - t-2013.pdf2 Source: India Brand Equity Foundation - t-2013.pdf3 Source: eports/2014/5/7/indra07Impact.pdf4 Source: Pharmexcil Report - s/893/239f2813416daf5c3ef5c8ed90734a0d.html5 Source: Pharmexcil Report - s/893/239f2813416daf5c3ef5c8ed90734a0d.html6 Source: -bans-2-more-ipca-plants/2015-03-26Managing growth through better compliance A survey report2
ContentsPage 8Challenges in compliance managementPage 10Deloitte's point of viewPage 04Non-compliance - A serious challenge to growthPage 05Page 06We believe that for organizations to minimize the risk ofcompliance failure, they need to have a 360 degree approachto managing compliance and fraud risks.Page 11Detecting fraud and managingnon-compliance and malpracticePage 12ConclusionPoor internalcontrols naging growth through better compliance A survey report3
Non-complianceA serious challenge to growthHINDRANCES TOORGANISATION'SGROWTHPROSPECTS164%say shortage of skilledstaff52%2face challenges inimplementing currentGMP/GDP/GLP/GCP/GPVP guidelines froma process andtechnology perspective342%Regulatory non-compliance is a challenge that canhinder the life sciences sector’s growth in India. Around64 percent of survey respondents have attributednon-compliance to shortage of skilled staff (in theirrisk and compliance teams), followed by challenges inimplementing cGXP guidelines (52 percent), complyingwith professional association guidelines (42 percent), andpoor fraud risk management systems (36 percent).The fast pace of growth in the Indian life sciencessector has resulted in scarcity of talent at several levelsand across functions within a life sciences enterprise.However, this scarcity is relatively higher in thecompliance management function, due to frequentlychanging regulatory requirements and increasingnumber of approved facilities. For instance, in the lasttwo years, most regulatory bodies have introduced newareas of scrutiny beyond just testing drug efficacy andnow involve risk management and mitigation programsfor R&D laboratories, manufacturing facilities andprocurement functions. For compliance managementprofessionals to familiarize themselves with thesechanges and become adequately trained in them requirestime. In the interim, companies could be exposed tovulnerabilities arising from non-compliance. About55 percent of survey respondents have indicated thattheir compliance teams were not adequately trained toaddress the regulatory requirements.In our view, creating a long term training programto keep industry professionals updated with muchneeded skills across functions in the Life sciencessector life cycle would help tackle the issue of talentshortage. Companies can work together with regulatorybodies to set up training and development coursesthat professionals can be certified in. The India SkillsReport 2014 notes that unlike other industries wheremultinational companies have established alliances withacademic institutions on endeavors such as researchincubation, faculty development, internships, curriculumrevision programs etc., the life sciences industry is foundlagging in such initiatives.Further, about 25 percent of survey respondentsrepresenting small sized companies in the sector(revenues below Rs 100 Crore) indicated that the levelof non-compliance in the life sciences sector was lessthan any other regulated sector. In our view, this couldindicate lack of understanding of regulatory obligationsat a senior management level, which could directlyimpact the ground level implementation of regulatorycompliance measures.face issue in complyingwith professionalassociations andGovernment guidelinesfor pricing, salespromotion andmarketing activities436%Believe poor fraudand other riskmanagementsystems to avertincidents533%Face challenges inprocurement ofstandard qualityraw materials30%6Say bribery,corruption andother frauds727%Inadequate IPprotection forprocess andproductManaging growth through better compliance A survey report4
Poor internal controls facilitatemalpracticeAround 61 percent of survey respondents felt thatthere was a lack of internal controls and complianceprocesses to proactively manage and mitigate the risk ofnon-compliance. This has also been indicated in multipleinspectional findings by various regulatory authoritiesand details are available on their respective websites7.In our view, this can be attributed to the lack of a zerotolerance approach to non-compliance and malpracticeamong senior management, as endorsed by 30 percentof the survey respondents. In the past, the life sciencessector in India has come under scrutiny for severalmalpractices such as bribery and corruption, financialmisrepresentation such as inflated sales numbers,diversion and theft of assets, counterfeiting and misuseof funds. For a long time these were acceptable businesspractices, until the Indian regulatory bodies intervened tocreate guidelines around sales and marketing. However,we continue to observe these malpractices in thesector, although close to half of survey respondents feltotherwise.About 55 percent of respondents indicated thatweak enforcement action by regulatory bodies,such as USFDA, MHRA, TGA and others, is likely thecause for repeat incidents of noncompliance. In ourunderstanding inspections by regulatory bodies in thepast were inconsistent. While it was recommended byregulatory authorities that inspections happen every twoyears, there have been cases where the gap betweeninspections was as much as four years. At times,the duration of each inspection may have also beeninsufficient to comprehensively cover non-compliance.However, today, the situation is changing. Withregulators setting up local offices and equippingthemselves to conduct spot audits, weak enforcementaction is unlikely to be a reason for repeat incidents ofnon-compliance in the future.Around 45 percent of survey respondents also felt thatorganizations did not invest in available technologyto manage quality risk related processes and controls.This could be attributed to a lack of understandingof how technology can help in improving compliancemanagement, especially as regulators in the past did notinsist on electronic data verification during inspections.Only one third of survey respondents pointed to thepressure of achieving unrealistic targets as a reason formalpractice. We feel this is a conservative estimate, asother surveys conducted (by us and other organizations)have indicated this factor as key to the rising levels ofnon-compliance and fraud in India.KEY CONTRIBUTORS TO MALPRACTICE AND NON-COMPLIANCE IN THE SECTORLack of anefficient internalcontrol/compliancesystemWeak regulatoryenforcement /action takenagainst fraudstersInadequateutilization oftechnology toolsavailable toidentify red flagsLack of a zerotolerance approachtowards malpracticeand regulatorynon-complianceInadequate duediligence onemployees/ thirdparty associatesUnrealistictargets/goalslinked tomonetarycompensationsSeniormanagementoverride ofcontrolsInadequateoversight by theBoard/ TPERCENTPERCENTPERCENTPERCENTPERCENTSource: gLetters/2014/ucm401451.htm7Managing growth through better compliance A survey report5
Acknowledging non-complianceDespite recognizing non-compliance as a challenge,about 45 percent of survey respondents indicated thattheir organizations had not experienced any fraud ormalpractice in the last two years. Further, only 30 percentof survey respondents confirmed that their organizationshad experienced non-compliance with obligations duringregulatory authority inspections and/or other agencyaudits.Absence of fraud/ non-compliance could indicate thatthese organizations were either fully compliant withthe minimum critical requirements or regulatory bodieswere yet to conduct inspections. It is also possible thatmany respondents felt uncomfortable sharing details ofany non-compliance (detected or undetected) in theirorganizationsFurther, the US and the UK have proactive and wellmanaged pharmacovigilance programs10 such asMedWatch and EurdaVigilance which help themtrack not just adverse events and reactions caused bymedicines, but also track short and long term impactof medicines on patients. Unlike these highly regulatedpharmacovigilance programs, India’s pharmacovigilanceprogram is relatively nascent, having been initiated inrecent years.This limited extent of a proactive pharmacovigilanceprogram in India, may allow organizations and regulatorsto view non-compliance with quality standards with lessseverity than it deserves, since consequences are notconsistently tracked. For instance, there is limited dataon the number of adverse events caused by standard orsub-standard medicines that have led to patient death.In contrast data available in the US and UK encourages,tracks and investigates every adverse event that occurs toits very end.Considering the large volumes of medicines beingproduced and consumed in India, non-compliance withdrug standards makes for a serious concern that needsto be addressed by the government IN THE LAST02YEARS45%My organization has notexperienced any type ofnon-compliance30%Any incidents ofnon-compliance withGMP/GDP/GCP/GLP/Pharmacovigilance guidelines12%Corporate espionage,counterfeiting and IPR9%Diversion/ theft offunds or goods6%Bribery andcorruption3%GMP compliancewith third partymanufacturer3%Internet and/orcyber fraud10A pharmacovigilance system measures the effect of adverse events and adverse drug reactions on consumers due to sub-standard andinefficacious generic and/or branded medicinesManaging growth through better compliance A survey report6
Common non-compliance scenarios observed in the Indian life sciences industryUSFDA findings trends8AreaDiscrepanciesLaboratory controlsFailure to ensure that laboratory records include complete data derived from all testsnecessary to assure compliance with established specifications and standardsComputer systemcontrolsFailure to exercise appropriate controls over computer or related systems to assure thatonly authorized personnel institute changes in master production and control records,or other records. Failure to implement access controls and audit trails for laboratorycomputer systemsFailure to establish and follow appropriate written procedures, designed to preventobjectionable micro-organisms in drug products not required to be sterileQuality controloperationsFailure to follow written procedures applicable to the quality control unit and failureto review and approve all drug product production and control records to determinecompliance with all established and approved written procedures before a batch isreleased or distributedInvestigationsystemFailure to adequately investigate complaints, deviations and OOS results, and extend theinvestigations to other batches that may have been affectedProductionoperationsFailure to follow written procedures for production and process control designed to assurethat the drug products manufactured have the identity, strength, quality, and purity theypurport or are represented to possess, and to document same at the time of performanceTraining systemFailure to ensure that each person engaged in the manufacture, processing, packing,or holding of a drug product has the education, training, and experience, or anycombination thereof, to enable that person to perform his or her assigned functionsEU/MHRA findings trends9AreaDiscrepanciesContaminationprevention systemInadequate contamination prevention system: Potential for microbial & non microbialcontaminationInvestigation failureFailure to thoroughly review any unexplained discrepancy or the failure of investigation ofanomaliesDocumentationcontrolsAbsence of documentation/ quality system elements/SOPs.EnvironmentalmonitoringProcedure for environmental monitoring not available or followed.ValidationProcedures not established or inadequate or partially followed for Process and cleaningvalidationIn process controlsProcedures not established or followed for In process control and monitoringEquipmentvalidationsInadequate design and maintenance of premises including equipment validationsSource: US FDA Website - Source: http://www.gmp-compliance.org/eca news 364.html89Managing growth through better compliance A survey report7
Challenges in compliancemanagementThe key to managing any compliance framework is tocreate a matrix of concerns that affect compliance andrate these based on the organization’s understanding oftheir impact on the business. In the context of new andproactive compliance requirements prescribed by globalregulators, survey respondents rated their concerns interms of high risk to low risk.Close to 50 percent of survey respondents indicated thatdata management systems and Pharma Quality systemswere a concern, alongside investigation of anomalies(Corrective Actions Preventive Actions). This can largelybe attributed to the skill deficit in the sector to handlethese issues, as indicated by 52 percent of surveyrespondents. Further, in our view, a proactive self-drivenmechanism that monitors compliance on an ongoingbasis, can possibly help manage compliance concernsbetter within an organization.About 52 percent of survey respondents indicated thatthere was lack of clarity and consistency on complianceexpectations and 24 percent said reviews of productquality were irregular. Ambiguity in interpretationof guidelines is an inherent risk that all regulatoryauthorities attempt to manage, with varying degrees ofsuccess. A case in point is that manufacturing facilitiesdeemed to be compliant previously are now being issuedwith manufacturing bans and import alerts.PharmaDataManagement QualitySystemssystemsInvestigation Lack ofof anomalies trainedresources– CAPAto addresscomplianceneedsOversightof RawmaterialsupplierInterpretation Microbiologicalof regulatory ompliancewith locallawsAvailability ofskilled andtrainedconsultantswith a globalperspective6%15%18%24%27%27%42%45%45%48%Key Concerns in Compliance ManagementAvailabilityof standardrawmaterialsDifficulties in managing quality related compliance requirementsPoor vendor/third partymanagement practicesBudgetary constraints/ lack ofcompliance planning45%39%27%48%Inadequate training to employees onquality and other aspects of complianceLack of clarity and consistency oncompliance expectations from regulatorsFocus on growth leading tocompliance being relegated to thebackburner24%52%52%Availability of skilled andtrained staff6%Irregular review of qualityindicators by managementIncorrect timelines provided to completeresolution of negative inspection findingsManaging growth through better compliance A survey report8
We believe this is a result of increased scrutiny byregulators owing to the change in assessment standards.Regulators have been forced to relook at the assessmentstandards due to several cases of whistleblowersreporting large scale non-compliances to authorities.As with any formal regulatory approval, the onus ofcompliance with all regulations is on the license holderand not the regulatory authority. This means thatregulatory ambiguity can only be addressed through avery robust and proactive risk identification, assessment,management and mitigation system for quality process,system, product and people, among other factors. As perinspection findings reports of the USFDA and MHRA overlast few years, organizations have been issued warningletters for lack of a documented training program,leading these authorities to believe that it has not beengiven the critical importance that is expected. With everevolving regulatory compliance requirements, trainingform an integral part of risk mitigation and management.Lack of skilled resources to manage compliance couldbe a result of lack of well planned and executed trainingprograms across the industry.Around 48 percent of survey respondents confirmedthat compliance strategy was not a key area earmarkedfor investment in their organizations, indicating thatperhaps senior management did not consider this areaas a high risk with serious consequences in the event ofnon-compliance.Close to 45 percent of survey respondents felt thatproduct quality issues and probable data manipulationwas due to poor or non-existent control over rawmaterial vendors. In this context the USFDA/MHRAobservations note that organizations appear to havemanipulated quality control records to help thempass the finished product for commercial sale. Suchmanipulation would not be required if the standard ofraw material used in the manufacture of a commercialbatch conformed to that used in test/validationbatches11.Source: es/2014-03-1311Managing growth through better compliance A survey report9
Deloitte Point of ViewA road map for building an effective andefficient compliance management systemThe adage, Prevention is better than cure is applicableto the life sciences industry not just in spirit, but inpractice too. With every action across the life sciencesvalue chain needing validation and approval to mitigaterisk to human life, a proactive approach to fraud andcompliance risk mitigation has been recommended by allstake holders from within and outside the industry.We believe that for organizations to minimize the riskof compliance failure, they need to have a 360 degreeapproach to managing compliance and fraud risks. Inour experience, a 360 degree compliance managementsystem should consist of the following elements.Internal InitiativesExternal InitiativesThese are initiatives that the company must undertake toself-assess its preparedness to comply with regulations.Some leading practices includeThese initiatives call for extending the existing internalprograms to external stakeholders. Some of the leadingpractices include Establishing a Corporate Quality Policy aligned withglobal quality and system requirements Implementing a Pharma Quality System frameworktested by internal teams on an ongoing basis forcompliance with current regulatory guidelines and asper ICH global risk management protocols Approved and documented job descriptions for allpositions aligned with functional accountability Recruitment of qualified and skilled people as definedin the job description documents. Training and assessment programs for new andexisting personnel conducted by internal trainers andassessors to help them keep abreast of regulatorychanges ahead of time Zero tolerance by top management to any form ofnon-compliance Ongoing investments in technology solutions forquality assurance and control programs Conducting a robust vendor/supplier qualitycompliance audit programs by internal and externalassessors on an annual basis Cross functional training by external consultants oncompliance matters Periodic quality system audits and overviews byrecognized and qualified consultants Continuous validation program to validate technologysolutions overseen by independent experts Stringent review and immediate resolution ofnon-compliant quality systems by non-executivedirectors and senior management Technical and commercial audits of R&D labsand review of objectives delivered within agreedtimeframesThough the above mentioned list is not exhaustive,we believe that these are bare minimum initiativesthat could provide companies with a robust fraud andcompliance risk mitigation process, helping them steerclear of negative regulatory actions, including financiallyexpensive import bans.Managing growth through better compliance A survey report10
Detecting fraud and managingnon-compliance and malpracticeUpon detection of fraud 85 percent of respondents saidthey launched an internal investigation by a speciallyappointed committee, while 82 percent confirmedthat some form of disciplinary action was initiated asper existing policies and fraud and compliance riskmanagement frameworks.About 94 percent respondents confirmed that a majorityof non-compliance or fraud was detected duringregulatory authority inspections or self-audits initiatedeither on account of remediation plans or proactiverisk management. A very small percentage of therespondents engaged external consultants to detect/identify non-compliance in the organization. In our view,many actions by regulatory authorities can be avoided ifexternal consultants are a part of the risk managementand mitigation process.Further, 76 percent of respondents indicated that theirwhistleblower hotlines were responsible in detectingnon-compliance or fraud. Demonstrating action onwhistleblower complaints can give employees confidencethat their concerns are being addressed and also helpthe organizations safeguard themselves against possibleregulatory action.55%94%During histleblowercomplaintsUse of dataanalytics toolsThrough supportfrom externalconsultantsDuring biannualregulatory auditBy accidentMETHOD OF DETECTIONManaging growth through better compliance A survey report11
ConclusionWith the life sciences sector expected to grow rapidlyover the next few years, evolving the compliance riskmanagement processes would take equal precedencewith business and commercial considerations, especiallyfor organizations looking to grow rapidly in lucrativeand highly regulated markets of the US, EuropeanUnion and Latin America. These markets are developingcomplex quality compliance frameworks that functionto protect their population from substandard medicines.Organizations are therefore expected to have proactivecompliance management and risk mitigation frameworksthat are aligned to the regulatory authority guidelines inthe markets they serve.While the life sciences sector in India is aligning withthe changing compliance dynamics, there are manychallenges it has to overcome, particularly in the areasof compliance management. Failure to address andovercome these challenges on a war footing mayresult in business stagnation or decline, allowing othercountries such as China, Thailand, Indonesia, SouthAfrica, and Russia to surge ahead and claim leadershipposition in this industry. The Indian government shouldsupport the industry to transform and align its vision andmission with global expectations over the next few yearsand help it attain its preeminent position of being the'pharmacy to the world’.ContactsRohit MahajanSenior DirectorDeloitte Touche Tohmatsu India Pvt. Ltd.Tel: 91 22 6185 5180E-mail: rmahajan@deloitte.comNitin BidikarDirectorDeloitte Touche Tohmatsu India Pvt Ltd. 91 982 080 9199E-mail: nbidikar@deloitte.comManaging growth through better compliance A survey report12
This document and the information contained herein prepared by Deloitte Touche Tohmatsu India Private Limited (DTTIPL) is intended to providegeneral information on a particular subject or subjects and is not an exhaustive treatment of such subject(s). This document or the informationcontained therein should not be circulated to or shared with external parties and is only for your internal reference. The procedures that DTTIPLperformed were limited in nature and do not comprehend all matters that might be pertinent or necessary to enable the recipient to achievethe purpose in connection with which the services have been sought. The document does not constitute a complete analysis and only providesindicative guidance. None of DTTIPL, Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “DeloitteNetwork”) is, by means of this material, rendering professional advice or services. Deloitte will not be liable for any direct, indirect, incidental,consequential, punitive or other damages, whether in an action of contract, statute, tort (including without limitation, negligence) or otherwise,relating to the use of the analysis and information contained herein.The information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making anydecision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser.No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this material.In no circumstances will DTTIPL or any of their respective subsidiaries, affiliates, representatives, partners, directors, officers, employees, advisersor agents be responsible for any forecasts and details on the market. These are supplied as a guide only and do not purport to contain all theinformation that an interested party may require. By accepting this document the recipient acknowledges and is deemed to have agreed to theterms of this disclaimer. The recipient agrees that it will be solely responsible for making its own investigations and analysis, including the costsand expenses incurred thereon, and forming its own view as to the subject matter and the accuracy and completeness thereof.Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network ofmember firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referredto as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and itsmember firms.statements contained herein. 2015 Deloitte Touche Tohmatsu India Private Limited. Member of Deloitte Touche Tohmatsu Limited
compliance failure, they need to have a 360 degree approach to managing compliance and fraud risks. Contents. Managing growth through better compliance A survey report 4 Non-compliance Regulatory non-compliance is a challenge that can hinder the life sciences sector's growth in India. Around
