Improving anti-bribery and anti-corruption compliance through third-party due diligence

Regulations exist for a reason. They keep people safe. They protect our environment. They ensure a fair and ethical playing field across industries.

And though all regulations must be adhered to, they can prove difficult to understand, manage, and observe – especially within a rapidly changing global landscape.

Such was the case for our client, a US-based pharmaceuticals pioneer that serves patients in over 50 countries, through 25 global offices and a worldwide network of subsidiaries.

And though the company's global presence helps maximize the impact of its life-transforming therapies, it also presents significant challenges. For one, the company must ensure compliance with a variety of industry and geographical regulations, including the Foreign Corrupt Practices Act (FCPA) and the United Kingdom Bribery Act 2010 (UKBA). Failure to comply with these regulations and other guidelines could lead to costly delays in the drug development or approval process, as well as expose the company to hefty penalties.

Given the rapidly changing nature of the regulatory landscape within the pharmaceutical industry, it was important for the company to build a third-party risk management program that would not simply address current regulations on a case-by-case basis but scale and adapt to meet future needs. To that end, it needed to find a solution that would enable several critical capabilities related to risk management, including:

• Risk-based due diligence methodology, risk rating rationale, and audit trail requirement
• Comprehensive ABAC and supplier code of conduct policies and procedures, customized for each country of operation
• Automated, centralized, intelligent third-party screening to ensure third-party due diligence (TPDD) coverage across all operations
• Dedicated global compliance team to monitor all relevant activity and evaluate possible violations or concerns

By embracing the compliance-as-a-service model (CaaS), the company was able to quickly improve its compliance maturity while also future-proofing the business against the next wave of regulatory change.

Our compliance program consisted of two main components – designing the TPRM program in line with regulatory expectations and running managed services that leveraged our team of compliance experts. The program addressed three key areas: due diligence, onboarding, and risk assessment and segmentation.

For this company, compliance was an important issue to manage across its 25 global offices and network of subsidiaries, as well as throughout its vendor ecosystem and supply chain.

To that end, our joint team began by determining a set of predefined assessment triggers, parameters, and questionnaires for each of the three focus areas in the vendor risk management lifecycle. We then rationalized interdependencies across compliance and finance teams to increase efficiency and eliminate redundancies in TPRM tasks.

With those foundational elements in place, we then benchmarked onboarding processes against leading practices to identify operational gaps. As part of this process, we developed comprehensive and robust risk-based onboarding, TPDD, and risk assessment and segmentation frameworks that combined predefined parameters with a variety of supplemental assessments including ABAC questionnaire reviews, an Office of Foreign Assets Control (OFAC) sanctions check, ongoing third-party monitoring, and remediation-action tracking.

In so doing, we were able to streamline and standardize the vendor assessment process, scoring methodology, and reporting templates. We also enabled real-time visibility of the supplier base through dynamic dashboards and comprehensive audit trails to focus the risk and compliance teams' attention on the highest-priority actions.

Finally, we worked with program leaders to introduce the new methodology and educate their teams about these new ways of working. This also included change management aspects of cascading transparent policies, procedures, roles, and responsibilities.

During this engagement, Genpact acted as an extended risk advisory arm to the company.

In this capacity, we provided end-to-end vendor risk management services, interacting with suppliers, business owners, and compliance and finance stakeholders spread across 40 countries. This included conducting comprehensive ABAC reviews, risk assessment, and risk classification. We also monitored third-party risk profiles for timely implementation of mitigating controls and authentic proofs.

In our role as a risk advisor and transformation partner, we helped the client develop a scalable solution that delivered consistent TPRM quality at a lower cost.

Through our engagement, we helped the pharma company develop a comprehensive, effective compliance program that ultimately resulted in a 'no monitoring' or 'self-reporting' verdict from regulators.

By standardizing and streamlining the onboarding process for vendors, it was also able to increase the number of ethical and transparent suppliers, improving due diligence outcomes for more than 1,800 high-risk third parties and proactively identifying red flags for approximately 35% of vendors. The system also performed OFAC sanctions screening checks for more than 2,500 third parties.

The compliance-as-a-service model also helped the company unlock valuable efficiencies for the business, reducing cycle time for due diligence, onboarding, and risk management assessments. This resulted in improved quality and enhanced scalability at a lower cost.

Most importantly, the company was able to focus on what it does best: developing transformative therapies that change the lives of people living with rare diseases.