Kim Nemirow, Ropes & Gray government enforcement partner, analyzes new compliance strategies global life sciences companies are facing in an evolving market.

Over the past several years, we have seen a significant change in the life sciences market around the world – probably two big trends come to mind. First, we've seen a real globalization of companies, where once many companies were operating in one, two, three countries around the world, now everyone's operating in 80-100 countries. Second, aside from the globalization, we have seen very significant consolidation of companies in the past, really, two to three years, where companies have merged and become much larger operations. With each of these issues arise new compliance challenges. With globalization, of course, where you go from operating in three countries to 100 countries, you now need to have the regulatory infrastructure to deal with the requirements of the 100 different countries. And that could mean local counsel in all of your countries. That could mean understanding what is and is not okay in each one of those countries that you're now doing business in. With respect to consolidation, the challenges are different. Instead, you might be faced with making sure that two very different compliance programs get integrated and harmonized correctly. Some companies approach these in different ways. Some may choose to have one smaller company get subsumed into the compliance infrastructure of the larger company. Other companies take a different approach and use the merger opportunity to create an entirely new compliance program in infrastructure.

When companies are developing their compliance programs, it really should keep in mind a few things. Most importantly, I think, an effective compliance program must have the right tone from the top, which means the right buy-in from senior corporate leadership and the board of directors, really. Without appropriate tone from the top, a company simply will not be able to instill the culture of compliance that's necessary when you're dealing with large multinational companies. And part of the tone from the top is to ensure that a compliance program is sufficiently resourced, meaning that there are enough employees in the compliance department to effectively implement the program – that there are the sufficient controls, whether they be finance controls or internal monitoring or auditing controls, sufficient to deter and detect corruption or compliance violations of any kind. While a compliance policy, training program, monitoring program, financial auditing are all key components of a compliance program, without the tone from the top and the sufficient resources, really from the corporate level, none of those policies or training can really be effective.

One of the key things that you're looking for in a compliance program, is not to deter all issues or all violations. In fact, an effective compliance program must find issues, or else it's not effective. What you have to be able to do is say, “We have the policies. We have the training program that's appropriately tailored to the right people and the right places. We have the monitoring program that is deterring issues and catching small things as they come up. We have a whistleblower hotline and we're investigating the issues that come out of that hotline. And then, we are remediating those issues that are identified appropriately by either taking appropriate discipline or improving the compliance program.” If you've done all of those things, then you're putting yourself and your company in a position to be able to tell any regulator, who comes up and asks questions, that our compliance program is effective, is functioning, and is deterring and detecting issues, and that any violator is merely a rogue employee operating against the very specific instructions of the company.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.