Pharma and medtech companies are spending more management time and resources on compliance than ever before, but compliance problems continue to grow. Noncompliance warnings in the healthcare industry have risen sharply over the past ﬁve years, as have medical-device recalls and drug shortages due to quality problems (see Figure 1). And those issues add signiﬁcant cost and risk to the business.
What’s changed? Compliance requirements around the world have multiplied since 2000. At the same time, pharma and medtech product portfolios and organizations have grown rapidly and become more complex. That combination has created a perfect storm in compliance for many leadership teams.
For decades, growth has been the industry’s top priority, and many companies have assumed that every dollar of revenue would fall to the bottom line. Instead, growth has brought complexity, and along with it, many hidden costs. As our colleagues state in the recently published book The Founder’s Mentality, “Complexity is the silent killer of growth.” It raises costs, slows innovation time to market and impedes decision making across the entire organization, usually without delivering proﬁtable growth. In fact, for many healthcare companies, unfettered investment in growth actually creates a drag on the core business (see the Bain Brief “Simplify to Grow in Healthcare”). Complex product portfolios, organizations, processes and geographical footprints also increase a company’s vulnerability to compliance delays and oversights, including late ﬁlings and failure to update critical registrations.
Complexity is not the only cause of noncompliance, but the more complex a pharma portfolio or organization, the more difﬁcult it is to maintain a rigorous approach to compliance. One of the best ways leadership teams can manage that risk is to routinely review and simplify the business wherever they can, pruning product portfolios and streamlining the organization, processes and geographies. Simplifying has a triple beneﬁt: It improves patient safety, reduces the likelihood of compliance problems and creates healthier portfolios that can grow faster.
The cost of noncompliance can be substantial: Taking a Corrective and Preventive Action (CAPA) can total up to $10,000; addressing a warning letter may cost $2 million for a simple ﬁx or up to $20 million if it requires changes to production; and resolving a consent decree can top $100 million. Complexity can also lead to increased capital investments, higher operating costs on legacy products, supply chain distortions and inefﬁciencies, and surging costs to address compliance problems in real time. In the worst case, regulators can demand that companies pull products from the market.
Many pharma and medtech companies know the downside of complexity all too well. As steady growth expands compliance requirements, it can overwhelm the people and systems responsible for maintaining up-to-date licenses, labels and ﬁlings with national authorities. At the same time, increased complexity makes it harder to effectively manage surveillance systems that monitor complaints and inquires, including pharmacovigilance (PV) and post-market surveillance. That can create delays in responding to health authorities.
In addition, a more complex product portfolio creates a much higher level of noise in the system. Companies spend more time tracking and ﬁling reports on legacy products with low sales and proven safety records, detracting from the ability of quality, regulatory and PV staff to focus on the important signals affecting patient safety.
Finally, rapid growth leads to greater variance and complexity in the manufacturing process. That, in turn, can lead to problems with outsourcing partnerships, including quality control, handoffs and reliability of supply. It can also produce a mismatch in equipment or process capabilities between R&D and operations, limiting process standardization and impeding quality control when transferring technology.
One natural response to complexity is adding people to manage compliance functions. That approach, however, addresses the symptoms of complexity without tackling the underlying issues. It’s a costly reaction that, in our experience, rarely reduces compliance risk. In fact, large, resource-intensive compliance departments often struggle with effectiveness: The more people and processes a company deploys to manage compliance, the more noise and bureaucracy it can create.
Complexity increases the underlying risks of noncompliance. The consequences can include interruption of the drug-substance supply chain, late filings or out-of-date registration, which often lead to pulling products from market. Both medical-device recalls and new-drug shortages linked to quality problems have risen sharply over the past ﬁve years (see Figure 2).
What are the warning signals that noncompliance is reaching a danger point? There are many, but a couple of key indicators are worth watching closely. One is an increase in errors in tracking, ﬁling and updating of registrations. A company’s regulatory department in any given country typically spends more than 50% of its time just keeping the portfolio in compliance. An ever-expanding product portfolio can put constant strain on in-country resources and processes. When a portfolio is complex, even small changes can often lead to a cascade of required updates. These constant, incremental additions can overwhelm local systems, especially IT and document management, increasing the risk of expensive work-arounds or errors in ﬁlings.
A second warning signal is product code proliferation, which often arises when companies enter new markets with unique label language or regulatory requirements. A sharp increase in product codes can undermine manufacturing quality in two ways. The first comes from sharply increased production activity linked to additional country-speciﬁc batches. For many manufacturers, increased production alone heightens the risk of noncompliance. On average, the number of batches produced at each site accounts for 30%–50% of the quality. The second is the risk associated with changes to testing and labeling. With product code proliferation, simple or routine changes suddenly can become difﬁcult to implement by the required deadlines.
Another red ﬂag: frequent variations in test methods, equipment and raw materials, and especially the introduction of nonstandard production requirements. Each time a company alters these factors, it can slow the production process and add signiﬁcant risk.
Finally, frequent policy changes can signal risk. Companies may need to implement policy changes to accommodate local health authorities when entering new markets or update policies to reflect nuanced requirements of individual products (even those with very small volume). When companies change policies frequently, due to internal or external factors, managers often don’t pay enough attention to implementation, which increases compliance risk. Local ofﬁces may require corporate support in drafting local policies, infrastructure investments, additional resourcing, and capability building. In a worst-case scenario, complex policies can result in conflicting guidance at local sites. They also can reduce efficiency by trying to force-fit unworkable standards across a broad and diverse set of products and plants.
Companies that fail to read these warning signs and understand the link between complexity and compliance may take steps that improve a single function, but not consider the aggregate impact of their actions, setting off a doom loop that leads to ever-increasing compliance risk and cost (see Figure 3).
Leading companies reduce the risk of noncompliance by simplifying across the spectrum of products, organization, processes and geography. Their leadership teams take a programmatic approach to identifying and rooting out unnecessary complexity across all functions. Importantly, they recognize that getting it right requires transforming some key elements of the business and the organization. Their approach typically includes ﬁve steps:
- Diagnose the problem: First they evaluate which products, geographies and customers contribute most to proﬁt or are likely to in the future, and which do not. Then they collect data on complexity using the quality, supply chain, pharmacovigilance and other surveillance systems to analyze the primary causes of compliance risk.
- Deﬁne the goal clearly: They develop an action plan for transforming the portfolio, including stock keeping unit (SKU) reductions, geographic footprint restructuring and policy changes.
- Identify the cost of complexity and build the business case: They assess the cost and revenue opportunities that can reduce complexity, and use facts gathered on complexity, the corporate strategy and the compliance and risk assessment to make a strong business case for change.
- Create alignment across the organization: Leaders link the supply chain, production and purchasing on the one hand, and R&D, regulatory, marketing and sales on the other. They ensure experts from each part of the value chain coordinate openly to determine the right balance of complexity, proﬁtability and compliance.
- Track complexity and keep it out: They also make sure the underlying surveillance systems monitor complexity across the company, including product portfolio, quality control and compliance.
The most effective way to reduce compliance risk is to simplify the portfolio and organization, eliminating the root causes of complexity. Companies that take action before problems surface will create significant value, improve patient safety and manage growth more effectively.
Maria Gordian is a partner with Bain & Company based in New York. Jason Evers is a partner in Bain’s Chicago ofﬁce. Both are members of the ﬁrm’s Healthcare practice.