Non-compliance costs are industry agnostic. A recent study, “The true cost of compliance with Data protection Regulations”, conducted and published by Ponemon Institute, quantifies the cost of non-compliance to be 2.71 times the cost of compliance: on average, $14.82MM vs $5.47MM for an average-size company across all industries. Such costs include fines, penalties, etc., and do not count other indirect damages caused by non-compliance. The pharmaceutical industry has registered one of the highest non-compliance costs, both in monetary fines and in reputation damage. Responding to a simple warning letter from the FDA in the US can cost hundreds of thousands of dollars, even without a levied fine. The costs involved include lawyer fees, consultant fees and reputation management costs, all incurred before the company even begins to fix the problem raised in the letter. Akorn Pharma, a Chicago-based drug manufacturer, received a warning letter from the FDA in 2018 that resulted in a 12% drop in the company's share price within a single day; such is the effect of non-compliance.
RegTech has the potential to transform how pharma companies manage compliance. Preemptive recognition of regulatory changes that could affect a product before it reaches the market, or before a regulatory submission is made, could save the company millions of dollars and eliminate the need to fix the problem afterwards. The ability to anticipate lets manufacturers avoid problem areas in compliance, allocate fewer resources to fighting the penalties and fines linked with non-compliance, and seize new market opportunities.
Five primary areas within the compliance function where smart use of technological solutions can benefit pharma companies are:
- Compliance Readiness and Audit: All activities including internal audits, third-party audits, verification programs etc. Determining organizational readiness to tackle a new regulation by constant evaluation of employees at an individual and team level helps the company stay ahead of the regulatory curve.
- Training & Communications: All activities that enable a company to train or create awareness of external factors like new regulations and of the organization’s internal policies and related procedures, including all downstream communications to employees, temporary employees, contractors and business partners. Readily available industry resources to train and guide the teams as per the need of the hour, together with continuous updating of training procedures, help in creating a culture of readiness.
- Program management: All activities that require external consultants to work with an internal team to solve a critical issue. Access to the right expertise at the right time enables the team to handle and tackle any critical compliance issue before it arises. Having the right guidance at the product development stage saves the company millions of dollars by fixing compliance issues much earlier in the value chain with the help of industry experts.
- Data Policies: Activities associated with the creation and dissemination of policies that pertain to the protection of confidential or sensitive information such as customer data, employee records, financial information, intellectual property and others.
- Data security: All activities and technologies used by the organization to protect information assets. Activities include professional security staffing, implementation of control systems, backup and disaster recovery operations and others.
In conclusion, technological solutions provide a unique opportunity to pharmaceutical companies looking to creatively reduce non-compliance penalties while continuing to reliably meet the directives of regulatory agencies. Use of technology in pharmaceutical compliance is still in its early stages but has a promising future.
- The true cost of compliance with Data protection Regulations – Benchmark study of Multinational organizations, Sponsored by Globalscape. Independently conducted by Ponemon Institute LLC. Publication Date: December 2017