In Part 1 of this five-part series, I talked about how the essential elements of a compliance program can be grouped into three key areas to show the full cycle of the program. In this article, I will concentrate on the last step of a cycle, the testing and reporting. I will also talk about the three key areas to monitor.

What drives the need for rigorous testing and reporting in a compliance program?

It's important to not only build the front end of your compliance program but to also continuously check on how it is performing, for numerous reasons.

• We operate in a highly regulated industry where the rules are constantly evolving. This dynamic nature makes it challenging for compliance professionals to stay knowledgeable about emerging issues and changes around the globe that could impact the business.
• We operate in a highly visible industry with a potential impact to public and customer perception. Reputation is increasingly important. As good ambassadors, we need to present our industry as one that takes compliance and integrity seriously.
• We work with complex business models where there is a potential for misunderstandings. Many organizations operate under a global business model, where business unit support may not lie ‘in country’, especially with the compliance function. Standards may be set regionally or globally, leaving country affiliates to implement policies locally, which can be a challenge. The introduction of new elements (e.g. shifts from a standard pharma model to more specialty and rare disease products, changes in market access, complex patient support programs, etc.) has left many organizations in uncharted territory − opening an organization up to risk. It’s critical that an organization is nimble and able to adapt to ensure new elements are considered in maintaining a compliance program.
• We live in a highly engaged environment with access to some information that is well-sourced and validated, but some that is less so. This can leave us unsure of what information is accurate. Ensuring communications to external stakeholders are appropriate and factual is critical.
• We strive to do business the “right way” with the patient in mind. Organizations need to operate with a “patient first” mindset. That doesn’t just mean commercial or medical operations; it also includes compliance. Being able to effectively interact with key external stakeholders is paramount. If this is compromised for any reason and compliance-related findings are filed against an organization, patients will ultimately pay the price.
• Non-compliance has very real consequences for the company and for individuals.

The 3 key areas you need to monitor

Recently, three areas have come under scrutiny and require extra due diligence.

1. Third-party relationships are increasingly scrutinized, so it is important to conduct appropriate due diligence and actively monitor vendors. Questions to keep in mind when there are relationships with vendors and third-party intermediaries (TPIs) include:
   • Are we partnering with the “right” vendors?
   • How do we determine that? What due diligence is applied?
   • Are TPIs interacting with or making payments to external stakeholders in accordance with our policies and standards?
   • Have vendors & TPIs been trained on key policies and standard operating procedures (SOPs)?
2. Speaker programs and Other Learning Activities (OLAs) are also areas under scrutiny where compliance teams should be asking:
   • How many programs are conducted? Is the number of programs appropriate?
   • Is there a true educational value?
   • Who selects the speakers and attendees and is this appropriate? How many attendees do we get in a specific geography?
   • Do we have an effective program in place to monitor events and associated activity?
   • Is renumeration appropriate? Are we paying a validated fair market value (FMV) for service provided?
3. Equipment and other assets, including devices can constitute remuneration or transfer of value, not just honoraria and hospitality costs.
   • An example is diabetes care, where monitors may be provided to health care organizations at no charge. Is the transfer of value for the equipment reasonable and justifiable? Is it being adequately captured and documented?
   • Regardless of the reporting environment (i.e. not being obligated to report transfers of value in Canada), there is a benefit to the business to keep track of this information to understand what money or other transfers of value are going out and to whom.

What is our goal as compliance officers?

The goal when setting up compliance programs is to shift from “designing” a program (i.e. focusing on the front end of drafting policies and SOPs) to putting effort into ensuring a program is effective. This means regularly assessing risk to ensure the business is keeping up with industry changes. It also means understanding the business − its strategies, objectives and tactics – and knowing why and what people are doing. It is beneficial to proactively partner with the business to get a seat at the table early so you can provide support before problems arise. In this way, monitoring programs can be created not only to answer key compliance questions but to provide meaningful outcomes for the business.

In Part 3 of this 5-part series, I will talk about what do when something goes wrong and the pros and cons of auditing versus monitoring.

Can’t wait? You can listen to the entire “Closing the Loop” webinar now available on demand.