Rapid changes in the pharmaceutical industry call for a compliance upgrade. Adoption of digital technologies such as automation and machine learning can help compliance maintain its position as a strategic partner to the business.
Without modernizing compliance operations at pharma companies, it will likely become increasingly difficult, if not impossible, for compliance to remain a strategic partner to the business—a position that took years to achieve. Regulatory requirements are increasing, regulators’ capabilities to identify risks and bad behaviors are growing in speed and sophistication, internal pressure to cut costs and do more with less is intensifying, and digital technologies themselves can be a source of risk as the business adopts new tools and ways to engage with customers.
Deloitte Center for Health Solutions’ interviews with industry executives at 10 pharma companies found that:
In this article, we propose a view of digital maturity to help organizations assess their current state and ambition and recommend action steps to consider in modernizing their compliance operations.
Explore the Life sciences collection
Subscribe to receive related content from Deloitte Insights
Download the Deloitte Insights and Dow Jones app
As an enabling function, compliance at pharma companies covers multiple areas, including human resources, foreign corruption and bribery, patient assistance programs, communications with patients and health care professionals (HCPs), and reporting to regulatory bodies.1 Given the need for specialized expertise in each of these areas and a dependence on other parts of the organization for data, compliance operations have traditionally relied on manual processes. And this means that a compliance program can only be as powerful as the number of people assigned to it.
Digital technologies can make it possible to move away from rote tasks, keep up with the growing amounts of data, and transform compliance into a value-creating organization that anticipates what can go wrong and prevents it from happening.2
“Our minds are faster than our work allows us to be. We couldn’t do certain things because the capability wasn’t there. Now we can.”
—Sales force planning executive, large pharma company
But are pharma companies taking advantage of the opportunities afforded by digital technologies to modernize their compliance operations?
We set out to answer this question by understanding current levels of technology adoption and future opportunities for compliance modernization. We interviewed 16 executives from compliance, commercial, and medical affairs functions at 10 pharma companies (see Appendix 1). We found that the use of digital technologies is still in the nascent stage, but interest and opportunities are growing.
Our findings suggest that the resource-intensive nature of many of the operational activities limits the time compliance executives can dedicate to strategic tasks. While this is not unique to the pharma industry,3 it does suggest that companies may not be getting the value they expect out of their compliance operations.
Respondents said that identifying and customizing training needs, generating reports, and developing and managing compliance policies require considerable resources. Monitoring and auditing involve manual data extraction from multiple documents and data systems and dealing with inefficient processes for document management. And ad hoc activities such as attending meetings, reviewing promotional materials, and answering queries from business colleagues can be time-consuming.
When executives from the business side (commercial and medical affairs) engage in compliance-related activities, they too find many of them resource-intensive. Examples include reviewing promotional materials, customer relationship management (CRM) tool management, managing product samples, and performing administrative tasks required by policy.
Our research has found that though digital technologies promise to improve efficiency and quality, their adoption in compliance by pharma companies is nascent. And even when they are used, the levels of adoption and types of technologies vary. For example:
Most of the implemented use cases we heard about in this research support reactive activities, such as identifying and reporting past events. Below we provide a few examples of implemented solutions categorized according to what they are used for.
Despite these examples, our conclusion is that there is much more opportunity to implement digital technologies. For many reasons, compliance organizations at pharma companies do not have a well-developed strategy around taking advantage of opportunities.4 One way to get started is to consider a digital maturity model that can be useful in designing that strategy.
The model we describe in figure 1 can help organizations assess their current position and ambition for the future.5 It also serves as a reminder that strategy, not technology, drives digital transformation.
The fundamental stage involves preparatory work: to make systems and processes analytics-ready and put in place and/or streamline basic analytic capabilities. At the next stage of insight generation, compliance professionals spend more time on analytics than on data management: automating routine processes, implementing continuous controls, and performing root-cause analyses. As more compliance and analytic work is automated, the compliance function can move beyond backward-looking analysis and reporting toward generating foresights—anticipating and preventing future risks.
Respondents offered many ideas for using digital technologies to improve compliance and business processes. We have categorized use cases along the digital maturity continuum (see figures 2, 3, and 4), and for each level of digital maturity, we offer a detailed description of a use case applicable to most pharma companies’ compliance operations.
Detailed use case: Automated risk assessment across a product portfolio. Interviewing business owners is one way in which compliance officers assess risks for products or portfolios. But this in-person approach means that risk assessments do not happen as regularly or as often as they should.
An automated risk assessment process for a product portfolio, built on an existing risk management platform, can capture data from stakeholders (product owner, brand team) through a standardized survey. Survey questions could cover risk domains based on the company’s requirements and an automated schedule could ensure the desired frequency of data collection. And more stakeholders can contribute survey data than through the traditional approach. Additionally, risk weighting and scoring algorithms can be added to automatically score survey results and provide an objective view of compliance risk that drives ongoing monitoring plans and activities.
With data collection automated, compliance activities can shift from gathering to analyzing data and providing meaningful insights. Furthermore, the solution can help compliance teams become more targeted, paying greater attention to higher risk areas with in-person visits.
Detailed use case: Automating compliance reviews of HCP engagement requests. Pharma companies process numerous HCP engagement requests (for speaker or education programs, for instance), a process that can be labor-intensive. Algorithms that combine ML with NLP and NLG can help improve the efficiency of this process.
When the business submits a request through a CRM portal or similar system, an algorithm performs the first level of review and the results are routed to compliance. A dashboard showing all HCP requests in the queue includes a confidence score and reason for rejecting or approving each request. Exceeding budgets, inconsistencies in the request, or failure to substantiate the business need could be reasons for rejection.
The compliance professional can either accept the algorithm-proposed dispositions for the requests or perform a secondary review. Certain parts of the text in the request are color-coded to facilitate secondary review: for example, green identifies key terms and phrases that justify approving the request, red signifies risks associated with the request or potential reasons to disqualify the HCP in question from participating, and yellow points to areas that are unclear or warrant further review.
The results from the secondary level of review feed back into ML algorithms that continue to learn as the system is used. Over time, the accuracy of the first level of review increases. Potential labor savings in the first year can be up to 50 percent and increase to 70 percent over time.
Efficiency is more than just about saving time and labor: When generation of analytical outputs is accelerated, they can be used as inputs in other analyses.
Our respondents described possible scenarios. Imagine using the following monitoring findings to predict risky behaviors by reps:
Using such monitoring findings for risk assessments is an unlikely option in traditional compliance operations due to lag times of six to 12 months. Digital technologies are accelerating data generation close to real time and making new approaches to risk assessment a reality.
Detailed use case: Continuous monitoring of third parties. A risk-sensing solution uses NLP to mine unstructured text from hundreds of thousands of external data sources in multiple countries and languages, to provide early warnings of potential third-party risks. The examples of risk domains the solution can track for a specific third party include:
The solution generates a risk profile, a summary of the signals to support the risk profile, a risk score based on the number and strength of the warnings, and potential implications. The information is organized into a dashboard for compliance professionals to periodically review third-party risks. The solution helps the compliance function to anticipate and prepare for these risks weeks or even months in advance.
How should compliance executives think about activities that merit technological solutions, especially given their budget constraints? We recommend that companies approach them thoughtfully and evaluate the following within the context of their organizational structures and business needs:
In Appendix 2, we provide an example of a prioritization matrix to illustrate how companies may inventory and evaluate their compliance processes against multiple criteria.
In all the 10 companies we interviewed, compliance departments play a strategic role, and most respondents admit it took a great deal of work and relationship-building to get there.
Demands on compliance departments will likely continue to grow: Regulators’ capabilities to identify risks and possible bad behaviors are evolving, internal pressure to cut costs and do more with less is intensifying, and digital technologies themselves can be a source of risk.
Compliance functions should continue to modernize their processes, or they may find it difficult to retain their hard-earned positions as strategic partners to the business. As their work gets harder, they may find it challenging to be effective with blocking and tackling alone. The time to invest in digital transformation is now; every company can take steps today to modernize its compliance operations regardless of where it is on the digital maturity continuum. These steps include (figure 5):
In spring 2019, the Deloitte Center for Health Solutions conducted interviews with 16 executives from compliance, commercial, and medical affairs functions at 10 pharma companies (see figure 6). Nine were large-cap companies, with revenues greater than US$10 billion, one was a start-up. During the interviews, we focused on compliance-related activities. The objectives were to:
In this illustrative example, we chose to focus on automation technologies because they are applicable to most companies at the fundamental and insight generation stages of digital maturity.
After inventorying all compliance processes, stakeholders identify those processes for which automation approaches are feasible and plot them on the matrix along the dimensions of automation potential, ease of implementation, and value to the organization.