The COVID-19 pandemic has caused widespread economic, social, and political turmoil. For US-based medical device manufacturers, the economic fallout has been particularly severe. The halting of nearly all elective surgeries has slowed revenue to a trickle, forcing companies to look for creative ways to reduce costs and adjust to the bleak new reality.
When considering cost-cutting initiatives, compliance functions should use this opportunity to reevaluate their third-party due diligence processes, which often represent significant outlays in terms of external spending and internal work hours, particularly during the third-party onboarding and renewal process.
This can be broken down into three concrete measures: (1) reexamine your distribution network, (2) insist on a robust business justification, and (3) utilize technology and commercial teams in the renewal process for low-risk third parties. Ideally, this would begin with an honest appraisal of your existing distribution network.
Reexamine your distribution network
Segmenting and scrutinizing a company’s third-party distribution network on a country-by-country basis will undoubtedly yield interesting results. There are likely distributors in far-flung regions of countries that have disconcertingly low sales numbers, or sales agents who have not made a sale in years. In many cases, the cost of running due diligence on these third parties is greater than the revenue they provide. Consider terminating these relationships, which not only cuts costs, but can reduce the company’s overall risk exposure, especially if located in a high-risk jurisdiction.
For this endeavor to be effective, regional or in-country commercial teams need to be actively and sincerely consulted. With the lack of elective surgeries forcing sales representatives to pivot from their usual sales activities, compliance teams must utilize this opportunity to work closely with them. Sales representatives can offer crucial on the ground knowledge of a country’s commercial landscape that the compliance team likely lacks. Even better, loop in the company’s country general manager to join in the discussions to provide a nuanced, high-level understanding of the country’s third-party network.
Insist on a robust business justification
If the reexamination of the distribution network is a retroactive exercise in cost cutting, implementing a robust business justification requirement is its proactive partner. This should come as no surprise to compliance and legal teams, as the US Department of Justice’s (DOJ) April 2019 guidance makes special note of the need to ensure “appropriate business rationale” for the use of third parties.
During the approval process (for new third parties or renewals), compliance managers should not let any third party move forward without a detailed explanation as to why this specific third party is necessary. If the third party is in a metropolitan area, does your company currently have other, already approved third parties in the same area? What hospitals or clinics is the third party targeting? Does the company have preexisting relationships or connections to said hospital that can be leveraged, instead of onboarding a new third party?
The COVID-19 context should strengthen the compliance function’s ability to act as gate keeper. By making third parties enter through the narrow gate, compliance managers can help reduce future external spending on due diligence for new third parties.
Utilize technology and commercial teams in the renewal process for low-risk third parties
How is the company currently dealing with third-party renewals? Presumably, the approval periods are determined by risk level, with the higher-risk third parties on a shorter approval window and the lower-risk entities given a longer leash. As the renewals come due, particularly for the high-risk third parties, significant investment in time and money is often needed from compliance teams to proceed with due diligence renewal. Additionally, many companies have limited visibility and/or monitoring capability in the time period between when a third party is first approved and when it is renewed.
But what about the lower-risk third parties? In line with the company’s risk assessment framework, compliance teams should explore breaking down the renewal process into smaller, repeatable steps to reduce external spend. First, the company should employ technology to use automated and regularly scheduled database checks on the third parties both against international databases as well as the company’s own internal blacklist or restricted entities list. Engaging with a compliance or due diligence partner may also offer the option of low-price, recurring adverse media checks. These checks provide added visibility and insight into the third party over time, and at a reduced cost compared to traditional due diligence efforts.
Second, commercial teams who onboard the third parties should be asked to provide regular (quarterly, yearly, etc.) updates on the third party. These updates can include ownership changes, emergence of any new red flags, or changes in the volume of business. By involving your commercial teams, you can avoid paying an external vendor to obtain this information by means of an expensive due diligence investigation. The continuous participation of the commercial teams in renewals dovetails nicely with the first point of this article: it will help identify underperforming third parties that can be terminated for further cost savings and overall risk reduction.
With the consistent flow of data from technology platforms as well as the commercial groups, compliance teams should have enough information on hand to make efficient and informed decisions on renewals, limiting the investment in external spending and time spent by internal compliance team members.
COVID-19 is truly an unprecedented situation that will have far-reaching implications for the medical device industry. Compliance teams can use this as an opportunity to position themselves to company directors and executives as a creative and integral contributor to cost cutting initiatives. Equally as important, these measures—reexamining your distribution network, insisting on a robust business justification, and utilizing technology and commercial teams in the renewal process—will help compliance functions improve their capabilities for effective third-party risk management.
About the Author
Matthew Couillard leads TDI Compliance’s consulting engagements, providing clients with strategic advice on the establishment or augmentation of global compliance programs. His work focuses on building compliance and investigative solutions that assist clients in upholding and enforcing international business and ethical standards. To this end, he regularly establishes customized programs for Fortune 500 companies and multinational corporations in the medical device industry.