Medical device and life sciences companies operating under corporate integrity agreements (CIAs) spend years responding to regulatory obligations. During this period, companies of all sizes face the monumental task of incorporating CIA requirements into their daily operations. While plenty of guidance exists around meeting CIA obligations and rapidly ramping up the size of the compliance department to meet them, less attention is given to the equally difficult task of managing through the conclusion of a CIA and the ramp-down that follows.
Chief compliance officers (CCO) face significant pressure to maintain a compliant culture while still reducing costs following the end of their CIAs.
“One key challenge for every CCO is to maintain the culture of compliance without the proverbial CIA hammer,” says Sarah DiFrancesca, an associate in Cooley LLP’s Health Care and Life Sciences Regulatory Group.
“In addition, there is often pressure to scale back some processes and procedures that were put in place under the CIA so they can operate more efficiently,” states Stefanie Doebler, special counsel in Covington & Burling LLP’s Health Care and Food and Drug Practice Groups.
With focus shifting away from CIA-related compliance requirements, it can be difficult for management to balance the risk and value in a post-CIA organization.
Leaders must ensure that risks are still appropriately addressed in the face of changing requirements. For companies that have not fully considered transition, it may mean losing of infrastructure or processes that can lead to significant compliance issues and financial impact.
When considering a reduction in compliance infrastructure, companies should keep in mind that if they are required to enter into a subsequent CIA, they will likely pay a price. Approximately two-thirds of the time, a second or third CIA was accompanied by a larger settlement – and more onerous terms and conditions – than the CIA settlement preceding it.
“If a company faces another government investigation, prosecutors will question why controls put in place by a previous CIA did not uncover or address problematic activity. Companies need to demonstrate a good faith effort to maintain an effective corporate compliance program post-CIA,” DiFrancesca says.
By strategically planning and transitioning out of a CIA, companies can mitigate the risks and costs of reverting to inefficient or insufficient operations. Consider two scenarios:
- A company decides not to make any changes because the CIA already built compliant operations. By choosing not to make changes, the company may be at risk of compromising value and efficiency by continuing compliance requirements that may be superfluous or outdated. A transition plan allows for strategically streamlining policies and procedures that are compliant and adequately address current business needs.
- Conversely, a company decides to change or remove most, if not all, compliance operations created to meet CIA requirements with little to no review or overall evaluation of ramifications. This option may leave the company open to the same risks that led to a CIA in the first place. Lessons learned and effective operations should be identified and maintained as a positive outcome of the CIA.
Functional integration of compliance obligations into operations demonstrates that effective compliance is seen as more than just risk avoidance by senior leadership. Risk management must become an integral component of company growth criteria so that commercial operations such as sales, manufacturing, business development, and product development are not overly constrained, but are executing growth strategies within compliant boundaries.
In a progressive post-CIA organization, proactive leaders evaluate the upcoming landscape and ask: What should be retained, what should be changed, and what should or can be removed? What is the best way to support these decisions and gain support from other senior management and key stakeholders in the process?
In order to address these questions, companies should approach the completion of a CIA as an evolutionary process that is part of the life cycle of a mature compliant organization. The following questions should be considered:
- What lessons has the company learned from the CIA that should be remembered in the future?
- Which policies, procedures, and operations are working well?
- What should/can be streamlined or eliminated?
- How will monitoring and auditing change?
- How will committee structures and responsibilities change?
- What compliance resources will be needed?
- How will the company use periodic, independent, third-party reviews?
- How can current data sources be leveraged to manage broader compliance requirements?
- Without a CIA in place, how does the organization continue to maintain a compliance-driven culture?
Lessons learned
Consider establishing a strategic framework for compliance operations including:
- CIA transition leader
- Cross-functional leadership team to:
- Evaluate the current compliance landscape
- Evaluate ongoing compliance operations affected by the current CIA
- Consider future business objectives and evaluate against compliance requirements
- Create a transition plan
- Support from senior management
- Communications plan to inform organization of new and continuing processes
- Plan to embed compliance integration within functional business areas
Conclusion
Companies emerging from a CIA face many challenging issues. Within the dynamic regulatory and business landscape, CCOs must take a leadership role in defining the resources and infrastructure required after the CIA ends.
Without a proactive stance, organizations may increase their compliance risk by not integrating lessons learned from the CIA, or impede business activity by continuing processes that are no longer needed. Either path is a lost opportunity to drive value.
A well thought-out transition plan that incorporates senior management buy-in and support, clear priorities and their rationale, and solid execution will ensure that companies that have been under a CIA shift smoothly to a risk-mitigation model driven by company needs, current industry practices, and enforcement trends.
Incorporating lessons learned To ensure a positive future following a CIA, consider the following steps.
2. Create a cross-functional leadership team “When the CIA is lifted, companies think they can return to the old best practices, when they really should be looking closely into the current best practices,” Doebler says. Evaluate on-going compliance operations affected by the CIA – Requirements set forth by CIAs often result in changes that affect daily operations. It is important to evaluate changes triggered by the CIA to determine if they are still valuable. Companies can capture lessons learned and identify best practices through discussions with stakeholders impacted by the CIA. Therefore, instead of simply removing or keeping all changes implemented under the CIA, companies can re-evaluate roles and responsibilities and update policies and procedures incorporating lessons learned. Evaluate the functional objectives against compliance requirements – As a part of the streamlining of compliance processes, the next step is to enforce ownership within operating functions such as sales, manufacturing, business development, and product development. The compliance team should work with the operating functions, and evaluate each area’s key objectives, strategies, and tactics against the new compliance processes. The benefit will be operating function strategies optimized for compliance and business objectives. Create a transition plan with contingency arrangements – A transition plan should contain clear measureable objectives, a timeline with milestones, identified work streams, key stakeholders and process owners, and potential contingency arrangements. Additionally, the transition plan should:
3. Gain support from senior management CCOs need contingency plans that demonstrate a balance of risk and value. They will need to use strong data to demonstrate potential compliance and financial risks of not implementing a compliance transition plan, and how a plan will drive operating function improvement. 4. Create a communications plan to inform the organization of new processes 5. Implement a framework to drive change |
Huron Life Sciences
www.huronconsultinggroup.com
About the authors:
Gary Keilty, a managing director with Huron Life Sciences, specializes in providing forensic investigation, dispute resolution, regulatory compliance, and acquisition due diligence services to health care and life sciences organizations and their legal counsel. He can be reached at gkeilty@huronconsultinggroup.com or 813.309.1139.
Mark DeWyngaert, a managing director with Huron Life Sciences, specializes in assisting medical device, pharmaceutical, and biotechnology manufacturers with identifying and mitigating regulatory risks, and with valuation of services and intellectual property. He can be reached at mdewyngaert@huronconsultinggroup.com or 646.277.8817.
Explore the November December 2014 Issue
Check out more from this issue and find your next story to read.
Latest from Today's Medical Developments
- Best of 2024: #9 Article – Strategy Milling combines old and new for precision dental restorations
- Best of 2024: #9 News – Global robotics race
- Best of 2024: #10 Article – Designing medical devices for every user
- Best of 2024: #10 News – 4 predictions for 2024: AI set to supercharge robotic automation
- Children’s National, FDA collaborate to advance pediatric device regulatory tools
- LK Metrology’s eco-friendliness CMMs
- Two patents for microfluidic valves
- AMADA WELD TECH’s blue diode laser technology