The Five Competencies of Continuous Regulatory Compliance

Look at any country or region with a strong generic pharmaceutical and active ingredient manufacturing sector, and you are sure to see a diverse industry with business models that range across a spectrum. That spectrum is typically comprised of fine chemical and API producers, generic drug manufacturers and marketers, CRAMS (Contract Research & Manufacturing Services) providers, specialty pharmaceutical companies promoting smaller niche brand portfolios, young companies developing NCEs or applying new technologies to old molecules, all the way to billion-dollar fully integrated enterprises with global businesses that range from API production to research and development of novel small molecules, biologics and biosimilars.

Nowhere is this kind of industry dynamic more apparent than in India, often and rightly referred to as “the world’s pharmacy”, where hundreds, if not thousands of firms of various sizes and business models, all coexist at different stages of growth, pursuing their own particular strategies and ambitions, each with their individual strengths and capabilities.

Figure 1 shows the typical growth and development trajectories of many companies in the generic pharmaceuticals segment over the past 30 years together with the business drivers that often prompt these companies to change what they do.

 Figure 1. Industry Growth Model

Regardless of their location, size and sales revenues and where these companies exist on this growth continuum, one of the many challenges they face as their businesses develop, includes that of managing regulatory compliance. Companies must continuously adapt to changing regulatory requirements while effectively managing the associated costs and resources required to fulfill those requirements. As companies embrace new business models or new markets, completely new regulatory systems may come into scope and will need to be fully understood before they can be applied. A new system of in-house standards and procedures must be developed, and staff fully trained as the new standards are established throughout the business.

For example, an Indian generic manufacturer familiar with GMP (Good Manufacturing Practice) introducing a new contract research service will most likely now need to understand and implement GLP (Good Laboratory Practice) and GCP (Good Clinical Practice) in a way that meets the regulatory requirements for prospective customers in multiple countries, internationally and perhaps even globally. Take the example of a US-based contract manufacturer wishing to enjoy the improved margins and opportunities created by developing its own portfolio of generic products instead of making products for other companies. While the business may already be well-versed in GMP compliance, distributing and marketing its own line of products brings many new regulatory requirements into scope, not least of may be new serialization and “track and trace” rules.

Therefore, as companies find new markets for their products and services, the task of managing compliance requires an intimate understanding of regulations in each and every country of operation, regardless of language. Local practices must be understood, embraced and regulatory requirements reflected in in-house quality controls, standards and procedures. Finally, companies must balance these requirements with often conflicting demands and pre-ssures caused by the market, competition and changes in technology. Figure 2 shows how compliance requirements manifest within each type of business and how a number of current initiatives by regulators impact the organization.

 Figure 2. Industry Growth Model with Current GxP Impacts

With all this in mind, managing compliance efficiently has never been more important. Compliance applies at every stage of the product lifecycle, from pre-clinical research to market authorization and from market authorization to commercialization. Steps must be taken to ensure compliance across all groups involved in research, pre-clinical testing, clinical development, dossier preparation and submission, manufacturing, distribution, marketing and post-approval activities. For many companies, this must be done at a local, regional, international and even global basis.

The Indian pharmaceutical industry has not been without issue with regard to meeting the challenge of regulatory compliance in recent times. Many companies have paid a heavy price for failed regulatory inspections, data falsification and quality issues, some of whom are still dealing with implementation of required corrective actions many years past the original inspection. April 2016 for example, has seen Ipca, Emcure and Sri Krishna Pharmaceuticals all cited for various GMP violations by the US FDA, illustrating that large, mid-size and small manufacturers of varying ages still struggle with compliance issues. Meanwhile, following recent actions by the French regulator (ANSM) and subsequent withdrawal of a GMP Certificate at Anuh Pharma, the WHO has removed two APIs produced by the company from its pre-qualified supplier list.

While the direct monetary impact of these failures and implementing the required corrective actions can be very significant, non-compliance can adversely impact a company’s reputation, leading to lost customers and a reduced capacity to win future work. Companies must often work twice as hard again to win back the confidence of ex-customers and pro-spects in the face of regulatory failures. Other long-term follow-on impacts that compound losses include delays to product approval and market uptake, product recalls, import bans, invalidation of clinical trial results, consent decrees that result in loss of control of manufacturing facilities and dwindling market share. Some companies have even weakened to a point where they have been easy prey for their acquisitive competitors.

What can companies do to ensure that compliance is maintained at all times and across every aspect of the business that requires adherence to regulations? Figure 3 below shows five interdependent competencies in which companies must excel in order to succeed in today’s fast-changing regulatory landscape:

 Figure 3. The Five Competencies of Continuous Regulatory Compliance

Competence #1: Companies Need To Understand, Compare And Contrast The Regulations In Each And Every Country Of Operation In Order To Develop The Most Effective Strategy To Maintaining Compliance Across The Enterprise

Companies need access to a constantly upto- date repository of regulatory requirements issued by each regulatory agency that’s within the operational scope of their business. The repository should organize documents in such a way as to allow for rapid determination of the common elements and differences from country-to-country. Doing so will enable regulatory staff to quickly identify the minimum set of requirements necessary to maintain compliance across all jurisdictions and thereby design the most expeditious internal standards and procedures that meet those needs. Companies may also seek the guidance of local regulatory experts in each country of operation in order to understand the full meaning and intent of regulations.

Foreign languages, the sheer number of documents involved in even simple regulatory systems, and the pace of change to regulations are all factors that make this a complex exercise. Most companies would rather not invest large amounts of resource in collecting and maintaining regulatory documentation, so automating these tasks and allowing staff to focus on the more valuable “internal translation” of the requirements into company standards and procedures can offer a considerable advantage. It is not uncommon for regulatory inspectors to demand evidence that all these types of controls are in place in the business. Having in-country regulatory experts can also help guard against problems caused when there are differences between the letter of the regulations and guidelines in a country and how the local regulator behaves during inspections. Not following all of these disciplines can have a significant impact on a company’s market expansion and partnership ambitions.

Having regulatory personnel who are intimately familiar with the global regulatory environment also bestows another important advantage on these companies in that they are often able to contribute to regulatory developments and influence the future direction of regulations.

Competence #2: Continuously Monitor Regulatory Changes, Rapidly Interpret And Understand The New Requirements And Their Impact On The Business

Regulations are under constant change in every country of operation and companies often struggle to dedicate the right level of resources to monitoring these changes. The problem is often compounded when operating in countries where documents must be translated into the local language or English without losing the intent and meaning of the changes. A company’s ability to keep abreast of changes and speed of response to those changes may also be affected by translation issues.

To maintain ongoing compliance, companies must have systems in place that notify key personnel of changed or new requirements at the earliest possible opportunity. Those staff should be able to quickly interpret and understand the reasons for the change, and be able to identify the scope and nature of changes required to internal standards and procedures in order to align with the required changes. Companies holding market authorizations are also responsible for pharmacovigilance, and must be able to respond to quickly to product complaints from patients, investigate quality issues or conduct recalls in an organized manner if required. Again, in-house standards and procedures must reflect current requirements in each market in which products are sold.

Without these controls in place, internal standards can quickly become out of date or the amount of changes and the activities to implement them soon overwhelm regulatory staff, both of which increase the risks of non-compliance. Inspectors will want to be sure that your company can prove that it was and still is, in compliance at all times.

Competence #3: Act On Regulatory Updates In A Timely Manner

Once the required changes to in-house standards and procedures are identified, the business should move quickly to implement the required changes, ensuring that old versions of documents are retired and replaced with the latest copies.

Once again, it is quite likely that regulatory inspectors will demand evidence of the company’s processes and systems that are used to track changes to regulations, identify audit trails and that controls are in place that ensure that in-house standards and procedures are up-to-date, in alignment with the latest requirements and that only the latest versions of in-house regulations are in use within the business.

Competence #4: Provide Training For All Stakeholders To Ensure Company-Wide Compliance.

Ensuring that the standards and procedures in use by the business are up-to-date and aligned with the latest applicable regulatory requirements may not be enough to convince regulators that compliance requirements are being met fully.

To guarantee compliance, all stakeholders must be regularly trained in the use of standards and procedures in all settings in which they work. It is important to note that staff should be trained in ways that ensure that they appreciate not just the “how” of what they must do in order to work in a compliant manner, but also the “why” of what is being demanded by the appropriate regulations and the “who” of the person or persons that are ultimately responsible for ensuring compliance in each business process under consideration.

Competence #5: Provide Regulatory Input Before And During Inspections To Minimize The Risks Of Future Non-Compliance

The best businesses learn not only from their own mistakes but also the successes and failures of their competitors.

Indeed, some companies, rather than take a “lowest common denominator” approach to meeting multi-country compliance needs, may choose to implement a “higher than the highest denominator” strategy. In this way, they seek to not only set the highest standards for themselves but at the same time position compliance as a competitive differentiator, maybe even influencing regulatory inspectors who see a higher level of compliance at play than at other companies, for example.

Regulatory staff should maintain a watchful eye over inspection reports, enforcement actions, and annual reports and compliance statistics published by regulatory agencies. Industry trade shows and conferences often feature valuable presentations by regulatory agency staff concerning current activities, trends and information on the future direction of regulations. These sources should be carefully analyzed for mistakes and corrective actions by other companies that can be applied to strengthen in-house standards and procedures and thereby minimize the chances of future compliance issues.

Having identified these five competences, what approaches are companies, especially newcomers to a segment or market, commonly using to try to meet these important needs and why are some of them ineffective?

1. Follow the rules and regulations selectively based on available, time, budgets and resources and hope that you aren’t caught.

  • The problem with this approach is that eventually, and often quickly, companies are indeed caught. As discussed earlier, getting caught can at best be an expensive mistake. At worst, it can lead to decline of a brand’s reputation or even the closing down of an enterprise.

2. Use internal teams of junior staff to monitor free resources on the Internet.

  • There are numerous problems with this kind of approach. It’s difficult for teams to build a deep knowledge and understanding of foreign regulations from far away. There are language barriers and translation required, which without the help of a native speaker may miss the real meaning and intent of the regulation or miss an update altogether if appropriate systems are not in place. It is often difficult to ensure that data is being assembled in a consistent and comprehensive manner across all countries, and finally, a significant amount of time needs to be spent on assembling data and generating useful comparative data across regulatory systems from one, single centralized repository of up-to-date documents with audit trails.

3. Use consultants.

  • Without a single consultant that can cover multiple countries and do so in a consistent and comprehensive manner, additional time and effort needs to be spent in assembling the data from multiple partners. Remember that consultants have other customers too, and that your project might not be their immediate priority. Finally, unless you have regular, daily contact, can you be sure that your consultant is 100% up-to-date with activities in all countries and keeping you informed of new and changed regulations in a way that doesn’t blindside your business?

4. Rely on a CRO or other partner to provide the regulatory work.

  • The problem with this approach is that ultimately, the regulator will view your company as the responsible party in the work. A small biopharma innovator may have its NDA dossier rejected by the regulator and may blame the CRO but the regulator holds the NDA filer responsible for the content of the dossier. Similarly, if a generic company uses a CMO to manufacture its products and those products fail inspection, as the market authorization holder, the generic company is ultimately responsible, even though the problem may be with the CMO and its internal standards and procedures. The generic company needs to take steps to ensure that its suppliers operate in a compliant manner.

Ultimately, each of these approaches will fail to build the necessary five competences in the business or carry with them certain risks that can lead to significant breakdowns in compliance.

Companies successfully navigating the five competencies, do so with a reputable partner that is able to provide the following products and services:

  • Up-to-date coverage of pharmaceutical regulations covering every segment of business in every country of operation, regionally or even globally.
  • Some suitable choice of common language, for example English, should be employed for translations from foreign languages.
  • Translations preferably carried out by in-country regulatory experts who can retain the spirit, meaning and intent of the regulations as well as “the letter of the law”.
  • Secure document repositories that are well-indexed, searchable, clearly show the audit trail of changes that a regulation has gone through over time with the latest version clearly marked.
  • Automatic expiration of out of date regulations with notification to key regulatory staff.
  • Archives of older documents that are available for reference, since these are often removed without notice from national authority websites from time to time, or perhaps where an authority only ever publishes a current version.
  • Immediate alerting of changed or new regulations to key regulatory staff with details of potential responses companies may take.
  • Comparison documents that allow key elements of regulations to be examined across countries, regions and globally and help identify the most effective route to take for the development of internal standards and procedures.
  • Newsletters that keep regulatory teams fully abreast of the changing regulatory environment in their countries and regions of interest, and details of regulatory actions and trends so that teams can be proactive in improving internal standards and procedures. The partner should be able to supply the necessary expert consulting to advise on the likely future direction or implication of new regulation if not immediately obvious, which can often be the case.
  • Ability to quickly generate custom standards and procedures that match company capabilities, operations and meet the latest applicable guidelines and regulations.

Choosing the right regulatory partner provides important additional confidence that the company has the right approach to staying in compliance, employs standards and procedures that minimize time, effort and risk, chooses the right pathway to market and has an efficient and streamlined process for ensuring that it is constantly informed of, and aligned with the latest regulatory requirements.

Mike Chace-Ortiz, CEngis the Senior Director, Generics, at Thomson Reuters Life Sciences in Portland, ME. He can be contacted via phone at 1 207 808 7980 or Email: [email protected]

Odile Le Roy des Barres is Director, Regulatory Intelligence at Thomson Reuters Life Sciences in Paris, France and can be reached at +33 153062014 or by email at [email protected].

Celine Rodier is a Regulatory Solutions Consultant at Thomson Reuters Life Sciences also in Paris, France and can be reached at +33 611332827 or by email at [email protected].

  • <<
  • >>