Five Internal Controls to Reduce Compliance Risks

By Rob Shropshire

While there is no silver bullet to preventing investigations, here are a few simple steps that you can take to further establish a culture of compliance:

  1. 1. Establish a consistent Fair Market Value (FMV) methodology:
    • Determining FMV for HCP/O’s and Third Party Intermediaries (TPIs) in a documented and consistent manner is fundamental method to mitigate risks associated with global transparency and bribery laws. A robust process that quantifies differences in skills, geography and experience demonstrates upfront controls in governing how HCP/O’s are compensated for their time and effort. The result is an avoidance of any signals that FMV is established on a case-by-case basis or influenced by pre-existing relationships.
  2. 2. Run substantial due diligence on HCPs and TPIs:
    • It is important to run background and debarment checks on the HCPs with whom you are engaging. It is equally critical to perform and document due diligence checks on TPIs, such as distributers, CRO’s and Managed Care Organizations. Maintaining a list of approved TPIs along with evidence of due diligence minimizes risks associated with these types of interactions. Similar to the point above, consistently executed process for performing due diligence checks is a great way to demonstrate a culture of compliance.
  3. 3. Create a complete approval process for engaging with HCP/O’s:
    • Engagements with HCP/O’s should command a full and comprehensive review and approval from appropriate business units and departments. Examples include confirming business need for the engagement, validating appropriate FMV has been applied and verifying and HCP’s skills and background are aligned to the objectives and scope of the program. In addition, the review process should account for the local regulatory requirements and other complexities involved in engaging international HCP’s.
  4. 4. Maintain a contract archive:
    • A central repository including all contracts with HCP/O’s for national, cross-border and international assignments is a best practice these days. In addition to the legal language, contracts should include a description of deliverables, the scope of services to be provide, fees to be paid and payment terms and conditions. A common approach also includes executing Master Service Agreements with HCP’s that cover multiple service engagements over a one to two year period.
  5. 5. Develop reliable and transparent methods to handle exceptions:
    • While this may seem counterintuitive, the reality is that exceptions for engagement approvals, contract terms and FMV occur more often than we’d like. Extensive validation and detail of exception processing allows for a balance between compliance and day-to-day operations. For any process, flagging exceptions for review and providing clear rules for managing exceptions, ensures that business is operating in a compliant and risk-reduced manner. Best practices include that companies are increasingly tracking the percentage of exceptions and will raise a flag if exceptions are more than 5 percent of the population.

In general, the key is to use multiple steps to develop strong evidence of compliance. Following these steps will help demonstrate a commitment to establishing the necessary business culture. Critical success drivers are effectively training employees around these steps, and continuous risk monitoring. Using a third party to perform risk monitoring can assure independence, free up your internal resources and strengthen your compliance program with additional expertise and experience.