Risky business for pharma

China, Russia and Brazil are expected to provide the most issues


Intense scrutiny of life science and healthcare companies is not a new phenomenon. Indeed, the pharmaceutical industry alone has been a key target of government enforcement for more than 25 years. Between 1991 and 2015, 373 settlements totaling $35.7bn were reached between the US federal and state governments and pharmaceutical manufacturers. Today, even as governments expand enforcement efforts to new areas - such as asset management and private equity - and as enforcement priorities shift - toward trade compliance and data privacy, for example - life science and healthcare companies, and especially pharmaceutical manufacturers, continue to be prime enforcement targets for activities throughout the world.

While promotional issues have historically been front and centre in government and private actions against pharmaceutical companies, a new report published by Ropes & Gray shows that there are many other risks to consider, including but not limited to bribery and corruption, money laundering, competition and antitrust, cybersecurity, data privacy and regulation and compliance. The report - Risky Business: Mitigating Exposure Through Comprehensive Risk Management - is based on a global survey of 300 senior executives working for multinational businesses in North America, EMEA, Asia Pacific and Latin America. Participants include 50 executives from life science and healthcare companies, as well as peers from the asset management, banking, private equity and technology sectors.

Key areas of concern

As part of the Risky Business survey, senior executives from pharmaceutical companies, such as Amgen, Sanofi and GSK, highlighted the current areas of greatest risk for their organisations. The responses provide a sense of the myriad issues facing the pharmaceutical industry.

Chan Lee, North America general counsel, Sanofi, explained: “Drug pricing is a significant risk in our industry, particularly in the US.” Lee also cited “scrutiny of manufacturer interactions with payers, patients, specialty pharmacies and other stakeholders, including greater scrutiny from government investigators”.

PD Villareal, senior vice president, global litigation, GSK, echoed “significant pricing concerns . . . especially, but not only, in the US” and he added that “[f]or [GSK], like many global enterprises, one has to be concerned with the challenge posed by bribery and corruption risks - whether it’s the Foreign Corrupt Practices Act from a US perspective, or the UK Bribery Act, or the many national laws that are relevant”. Villareal also cited “[c]ompetition and antitrust issues . . . as a global risk for multinational companies”.

Cynthia Patton, senior vice president and chief compliance officer, Amgen, identified several additional areas of concern: “For global companies, privacy is becoming much more important. . . . Cybersecurity worries businesses more and more - and it impacts privacy.” She added, “As for the regulatory environment, that area continues to evolve, in the US and globally. There was a time when you’d have a regulatory issue in one country and it would stay there, but regulatory enforcement agencies now talk to each other.”

Global risk areas  

China (22%), Russia (16%) and Brazil (16%) led the list of riskiest markets identified by surveyed executives from life science and healthcare companies, but the UK, along with the US, closely followed (both identified as posing a significant risk by 10% of participants). Across all sectors, the UK tied with Brazil for second place as the “market . . . posing the most significant risks overall”, perhaps due to continued enforcement of the UK Bribery Act and the uncertainty caused by Brexit.

Notably, 62% of life science and healthcare companies surveyed named regulation and compliance as the risk they feel least prepared to address, despite 72% of these companies reporting that regulation and compliance risk is currently allocated the most resources. This highlights the immense challenges faced by global pharmaceutical companies in complying with scores of country-specific regulatory regimes, where the only constant is a complex regulatory environment.

Life science and healthcare companies surveyed felt best prepared to address risk from corporate social responsibility and supply chain management (40%) and enforcement and investigations (40%), perhaps reflecting substantial expertise in areas of focus for an industry under longstanding regulatory and public scrutiny. By contrast, more recent enforcement priorities, such as intellectual property (26%), anti-money laundering (24%) and sanctions and export controls (24%), were identified as risks these companies feel least prepared to address.

Somewhat surprisingly, cybersecurity and data privacy failed to register as a top risk for many life science and healthcare companies, at 8% and 2%, respectively. These numbers can be expected to increase in the future, as companies contend with increasing cybersecurity threats and more onerous privacy laws, such as the European Union’s General Data Protection Regulation (GDPR).

Managing the risk

What can life science and healthcare companies do in the face of all these risks? The survey reveals opportunity for improvement, as 66% of participating life science and healthcare companies expressed concern that their current risk management policies and practices do not meet their present needs, while 64% are concerned that their current policies and practices will not meet all future needs of the company. In the face of this uncertainty, pharmaceutical companies should continue to take proactive actions to manage global risks.

First, companies should implement comprehensive enterprise risk management strategies to identify, mitigate and monitor risk at a global level. A robust risk management strategy begins with a comprehensive risk assessment that not only identifies the risks faced by the company, but also helps prioritise the risks for efficient mitigation and management. Effective enterprise risk management requires engagement from the board and senior management. As an added benefit, active engagement of the board and senior management helps to ensure an enterprise-wide culture of compliance. As PD Villareal of GSK explained, companies need “a corporate infrastructure that continually reinforces . . . that there’s a proper way and an improper way of doing business and that only the proper way will be tolerated and rewarded”.

Companies should also deploy robust, cross-functional compliance structures equipped to evolve and manage the ever-changing risks faced by the industry. Collaboration among the compliance, legal, internal audit and finance functions is critical to managing the various risks faced by pharmaceutical companies. At Amgen, for example, “[s]omeone from law, compliance and finance is usually a member on all the leadership teams of our businesses”, a best practice adopted by many companies at the country or business unit level (or both). While 90% of all life science and healthcare companies reported that the company’s risk managers (eg GC, CCO, CFO) collaborate and communicate “to a moderate extent” or “to a great extent”, there is always room for improvement - 92% of companies in the life science and healthcare sector agreed that more collaboration would improve the company’s overall risk profile.

Companies continually balance global operations with local controls. Operating a global compliance programme that accounts for local regulatory requirements is a challenge, particularly in the pharmaceutical space where regulations regarding clinical development, product approval and sales, marketing and distribution can vary widely from country to country. Companies can more effectively manage this risk by ensuring alignment between local and global management.

At GSK, for example, the company hosts town hall meetings focused on company values and reports results to local management teams.

Finally, the importance of auditing and monitoring should not be underestimated. As known risks evolve and new risks emerge, companies must be vigilant - an effective auditing and monitoring programme allows issues to be addressed early and helps companies stay on top of the industry’s ever-changing risk profile. As Cynthia Patton of Amgen explained, “We think in terms of lines of defence. The business is the first line, monitoring is the second and auditing is third.”

Pharmaceutical companies must continually assess, organise and staff effectively to ensure that all lines of defence are operating as intended.

For a full copy of the Risky Business report, please visit Ropes & Gray’s Global Health Care Compliance website at

Article by
Alison Fethke and Deanna Foster

Alison Fethke is co-head of the Ropes & Gray Global Healthcare Compliance team and Deanna Foster is an associate at Ropes & Gray

9th February 2018
