A Digital Compliance Office can do More Than Keep Biopharma Firms out of Regulatory Hot Water | Deloitte US has been saved
Limited functionality available
By Amry Junaideen, national life science and health care leader, Deloitte & Touche LLP
As my colleague Greg Reh noted in his recent My Take, many biopharmaceutical companies are on the cusp of a digital transformation that could push the sector to the next echelon of performance and efficiency. As departments and processes become increasingly digitized, it is important that company leaders not overlook one critical area… compliance.
Compliance touches all aspects of the pharmaceutical business. In addition to reporting to regulatory bodies, the compliance office impacts a wide range of functions within the company. This includes human resources, research and development, finance, patient programs, and communications with patients and health care professionals.
Compliance can be mired in manual processes
Compliance is rarely at the forefront of conversations about digitization because areas that touch customers more directly tend to be higher on the priority list. Moreover, compliance officers often come from a regulatory or legal background where process optimization and electronic processes tend to be rare. It is no surprise compliance operations have long relied on manual processes—and a company’s compliance program is often only as powerful as the number of people assigned to it.
The Deloitte Center for Health Solutions recently interviewed biopharma executives to assess the adoption of digital technology in compliance and to identify potential opportunities. We found that while some companies have automated certain compliance activities, adoption of digital technology is still often in the early stages. By maintaining manual processes in compliance, biopharma companies might not be getting the value they expect from their compliance operations.
C-suite executives should look beyond the traditional role of compliance, which is keeping the company out of regulatory hot water. By automating mundane manual processes that deal with past risks, the compliance office might have greater capacity to identify and avert future risks—and highlight its value to the overall organization. I am not advocating that compliance moves to the top of the priority list as biopharma companies undergo a digital transformation, but it is an area that is too important to exclude from the digital discussion. Perhaps, thinking of compliance as an investment rather than a cost—and quantifying its value in terms of return on investment—can inform this discussion.
What does a digitized compliance office look like?
Digitizing certain processes could help compliance officers become more proactive by helping them understand why a compliance event occurred. This could help them avert similar issues from occurring in the future.
A digitized compliance office is typically more efficient at addressing compliance issues than a compliance office that relies on paper-based systems. Digitizing some manual processes can give the compliance office more time to focus on complex and risk-prone areas. Chief executives should consider a thoughtful, strategic, and enterprise-wide approach that creates synergies between the compliance office and all other departments throughout the entire organization. But it is strategy—not technology—that can drive digital transformation.
While biopharma companies are becoming increasingly digitized, they could be missing a potentially significant opportunity if they don’t include the compliance office. We propose a digital maturity model for compliance to help organizations devise a digital strategy that can reach its full potential. The digital-maturity model consists of three stages:
1. The fundamental stage: This stage involves preparatory work to ensure that existing systems and processes are ready to go digital. During this stage, the digital team should determine how productivity could be impacted by integrating data systems and by simplifying, standardizing, and automating key processes.
Typical technologies: Data integration, traditional analytics, data visualization, automation through Governance Risk and Compliance (GRC) technologies.
2. Insight generation: The goal of this stage is to use digital tools to understand why a compliance issue occurred and to set up a system to prevent similar events in the future. A digitized compliance office should be able to implement continuous controls that can automatically stop processes that can lead to a compliance event.
Typical technologies: Robotic process automation or RPA (rules-based systems that mimic human behavior to automate parts of repeatable processes), advanced analytics, some cognitive technologies such as machine learning (ML), natural language processing (NLP), natural language generation (NLG), chatbots.
3. Power of foresight: At this stage, the role of compliance is transformed. Predictive intelligence helps compliance officers anticipate and thwart potential compliance issues before they occur. Compliance principles and checks are seamlessly integrated in business processes. The compliance office is able to transition away from mundane processes and focus most of its attention on developing new ways of generating value, such as identifying new market opportunities and operational efficiencies.
Typical technologies: Cognitive technologies (e.g., artificial intelligence, ML, NLP, NLG) that can analyze large amounts of unstructured, semi-structured, and structured data from multiple internal and external sources; risk sensing; behavioral analytics; the ability to make predictions by connecting signals from discrete data points that in isolation do not represent risks but collectively signify a pattern indicative of a risky behavior or process.
If it ain’t broke… you can still fix it
Drug manufacturers might spend more than $2 billion—and encounter myriad compliance hurdles—to bring a new drug to market. I expect that regulatory demands will likely continue to grow, which will increase demands on compliance officers. Rather than adding more people to keep pace, company executives should include compliance as they digitally transform other processes.
The promise of improved efficiencies and cost savings might not be enough to convince some company leaders to invest in a digital compliance platform. Even if they are able to see the potential benefits, they often don’t want to invest in new processes, particularly if existing processes are getting the job done. But C-suite executives should consider what role compliance could play going forward and whether the current level of investment is enough to get there.
Amry is the managing principal of Life Sciences & Health Care for the Risk & Financial Advisory business for Deloitte & Touche LLP. Amry has over 26 years of diversified global experience in the private and public sector having served large multi-national and public sector clients on many risk management and information technology related initiatives. Amry has extensive international experience including in-country leadership roles in Australia and India. Amry has had numerous client and practice leadership roles, having worked on Pfizer, Amgen, Beyer Pharmaceutical, Genzyme Corporation, Astra Zeneca, the Centers for Medicare & Medicaid Services, and the Australian Regional Public Health System. He was also the National and Global Security & Privacy leader for life sciences. Amry’s specialties include risk management, systems integration, internal controls transformation, and talent management. Amry has a bachelor of science degree in accounting and also is a certified information systems security professional, certified in risk and information systems control, a certified information systems auditor, and a certified practicing accountant (Australia).