In today’s life sciences industry, mergers and acquisitions are becoming ever more prevalent as a means to ensure that strategic, operational, and financial goals are met, and that customers and patients have the products they need. The planning and execution of a partnership is often vetted thoroughly in terms of complementary product lines, financial goals, strategy for market presence, and access for those who need it.
However, one component not frequently addressed in today’s life sciences ever-changing world of mergers and acquisitions is the culture of compliance: how its role, structure, and expectations can vary greatly in two organizations that have decided to create a strategic partnership. While, prior to agreement, many companies provide compliance certifications, summary compliance reports, information related to potential or current investigations or litigation, and a general understanding of compliance infrastructure in place, compliance executives need to step back and look critically at the impact that an acquisition or merger will have on compliance operations and how their risk profile will change. With today’s government scrutiny of compliance process and procedures, and the fact that a purchasing organization is often held responsible for the prior actions of purchased organizations, compliance needs a larger role in the decisions and execution of alliances. While the list of potential compliance issues to review can be daunting, there are four main areas to consider before and immediately after a merger or acquisition:
- New Product Risk Profile: Additional scrutiny comes not just from becoming a larger and more predominant player in the market, but also from the compliance risks associated with an increased portfolio and the operational pitfalls that come with integrating them into one system of oversight. Products, as well as a pipeline that involves research and clinical trials, can bring two very disparate systems of oversight in collision. Newly integrated products may have everything from a more significant off-label risk to a larger presence in social media. How will compliance adjust to new and varying levels of risk and additional levels of complexity? Compliance needs to assess what risks come with an integrated model and how they plan to address these from systems, training, employee, and auditing perspectives.
- Operations and Systems That Will Impact Compliance Activities: Compliance needs to determine what systems or overarching processes are in place in both organizations that may need to be merged or redesigned. T&E systems, aggregate spend systems, grant portals, clinical research organizations, and employee versus 1099 models are just a few of the potential areas that will impact how and when compliance can leverage data and information to perform and report on everything from monitoring and auditing to training and education. Compliance needs first to develop a strategic plan to determine what systems are most critically in need of review and overhaul, and then to determine an operational plan for when and how to address components that will need to be merged, redesigned, or eliminated.
- Comparative Compliance Structure: Compliance departments are often minimally staffed, and compliance functions are often leveraged to other areas, such as Audit, Human Resources, and Information Technology. Key strategic roles, such as a chief compliance officer or compliance director, could end up as duplications in a merged structure. Compliance should assess the needs of the combined organization and vet how a newly integrated compliance department can adequately address changing or increased needs for the organization.
- The Culture of Compliance: Both organizations should have a realistic understanding of the different norms and expectations for compliance and of what model they will follow in a future state. How codified are various processes and procedures? How integrated is compliance in daily operational decision making? Some companies utilize compliance as the objective “cop”—a final reviewer, an auditor—while others use compliance as a strategic partner embedded into operations and partnering in business decisions at the very beginning of initiatives. Where does each company sit in the continuum, and where will the newly developed organization sit? How codified and proscriptive is each organization in its compliance expectations, policies, and procedures? How tightly are certain activities monitored or audited for compliance? Will employees be overwhelmed by a bevy of new requirements, or will they be overwrought by a sudden lack of structure and “rules” that they were used to?
At the end of the day, compliance executives need to design a plan to address compliance culture and infrastructure differences. Without proactive planning, compounding complexity and human error can let more issues than ever before “fall through the cracks.” Compliance should create both strategic and operational plans that stratify their risk and lay a road map for implementing change. Based on increasing volume and/or product diversity, along with new and varying levels of risk, how will you re-stratify your auditing and monitoring plan? How will you conduct training and education? How will you modify policy and procedure? How will you staff a new, combined compliance department adequately and appropriately?
Compliance executives need to determine which changes should come first and the burning platforms that need to be addressed before or immediately after the agreement. Compliance should be a strategic partner to determine priorities and create an actionable plan that considers both timing and potentially limited resources involved to mitigate risk in the future. In this way, the company can be ready with the structured plan so that it can move quickly to implementation once the newly formed organization is in place.
Compliance integration may not only seem insurmountable, but also can keep compliance executives up at night. However, with an actionable plan that is grounded in the companies’ fundamental cultures and dovetails with existing infrastructures, compliance can successfully mitigate risk and keep a company on track to achieve its operational, strategic, financial and patient goals.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.