- Case study
Improving anti-bribery and anti-corruption compliance through third-party due diligence
How a global biopharma company achieved Foreign Corrupt Practices Act (FCPA) compliance across its global operations
Who we worked with
A global biopharmaceutical company focused on developing life-changing therapies for people living with rare disorders.
How we helped
Genpact worked with the company to:
- Create a scalable risk monitoring program that can prevent or detect violations of internal policies and procedures, as well as government or industry regulations
- Design and launch a robust third-party risk management program that streamlines and standardizes operations across all global offices and subsidiaries to improve operational efficiency and minimize regulatory risk exposure
- Foster culture and compliance that can adapt to and meet the needs of a continuously changing regulatory environment
What the company needed
- A clear and comprehensive anti-bribery, anti-corruption (ABAC) policy and procedures to guide the organization's 25 global offices and its subsidiaries
- A standardized compliance risk assessment and review methodology to unite a sprawling team of stakeholders and their disparate reporting processes and tools
- A streamlined vendor onboarding process to address operational inefficiencies and ensure compliance with local and industry regulations
What the company got
- A robust third-party risk management (TPRM) program and associated policies, procedures, and processes that received a 'no monitoring' or 'self-reporting' verdict from regulators
- A highly scalable and adaptable compliance framework that follows a risk-based methodology that can evolve to meet ever-changing global regulations
- Consistent quality, reduced risk exposure, and improved operational efficiencies through process standardization and streamlining
Challenge
Enabling compliance across the organization's 25 offices and subsidiaries worldwide
Regulations exist for a reason. They keep people safe. They protect our environment. They ensure a fair and ethical playing field across industries.
And though all regulations must be adhered to, they can prove difficult to understand, manage, and observe – especially within a rapidly changing global landscape.
Such was the case for our client, a US-based pharmaceuticals pioneer that serves patients in over 50 countries, through 25 global offices and a worldwide network of subsidiaries.
And though the company's global presence helps maximize the impact of its life-transforming therapies, it also presents significant challenges. For one, the company must ensure compliance with a variety of industry and geographical regulations, including the Foreign Corrupt Practices Act (FCPA) and the United Kingdom Bribery Act 2010 (UKBA). Failure to comply with these regulations and other guidelines could lead to costly delays in the drug development or approval process, as well as expose the company to hefty penalties.
Given the rapidly changing nature of the regulatory landscape within the pharmaceutical industry, it was important for the company to build a third-party risk management program that would not simply address current regulations on a case-by-case basis but scale and adapt to meet future needs. To that end, it needed to find a solution that would enable several critical capabilities related to risk management, including:
- Risk-based due diligence methodology, risk rating rationale, and audit trail requirement
- Comprehensive ABAC and supplier code of conduct policies and procedures, customized for each country of operation
- Automated, centralized, intelligent third-party screening to ensure third-party due diligence (TPDD) coverage across all operations
- Dedicated global compliance team to monitor all relevant activity and evaluate possible violations or concerns
Solution
Complete compliance, today and tomorrow
By embracing the compliance-as-a-service model (CaaS), the company was able to quickly improve its compliance maturity while also future-proofing the business against the next wave of regulatory change.
Our compliance program consisted of two main components – designing the TPRM program in line with regulatory expectations and running managed services that leveraged our team of compliance experts. The program addressed three key areas: due diligence, onboarding, and risk assessment and segmentation.
Designing a TPRM program
For this company, compliance was an important issue to manage across its 25 global offices and network of subsidiaries, as well as throughout its vendor ecosystem and supply chain.
To that end, our joint team began by determining a set of predefined assessment triggers, parameters, and questionnaires for each of the three focus areas in the vendor risk management lifecycle. We then rationalized interdependencies across compliance and finance teams to increase efficiency and eliminate redundancies in TPRM tasks.
With those foundational elements in place, we then benchmarked onboarding processes against leading practices to identify operational gaps. As part of this process, we developed comprehensive and robust risk-based onboarding, TPDD, and risk assessment and segmentation frameworks that combined predefined parameters with a variety of supplemental assessments including ABAC questionnaire reviews, an Office of Foreign Assets Control (OFAC) sanctions check, ongoing third-party monitoring, and remediation-action tracking.
In so doing, we were able to streamline and standardize the vendor assessment process, scoring methodology, and reporting templates. We also enabled real-time visibility of the supplier base through dynamic dashboards and comprehensive audit trails to focus the risk and compliance teams' attention on the highest-priority actions.
Finally, we worked with program leaders to introduce the new methodology and educate their teams about these new ways of working. This also included change management aspects of cascading transparent policies, procedures, roles, and responsibilities.
Running managed services using the CaaS model
During this engagement, Genpact acted as an extended risk advisory arm to the company.
In this capacity, we provided end-to-end vendor risk management services, interacting with suppliers, business owners, and compliance and finance stakeholders spread across 40 countries. This included conducting comprehensive ABAC reviews, risk assessment, and risk classification. We also monitored third-party risk profiles for timely implementation of mitigating controls and authentic proofs.
In our role as a risk advisor and transformation partner, we helped the client develop a scalable solution that delivered consistent TPRM quality at a lower cost.
Impact
Better outcomes – for the business and the people it serves
Through our engagement, we helped the pharma company develop a comprehensive, effective compliance program that ultimately resulted in a 'no monitoring' or 'self-reporting' verdict from regulators.
By standardizing and streamlining the onboarding process for vendors, the company was also able to increase the number of ethical and transparent suppliers, improving due diligence outcomes for more than 1,800 high-risk third parties and proactively identifying red flags for approximately 35% of vendors. The system also performed OFAC sanctions screening checks for more than 2,500 third parties.
The compliance-as-a-service model also helped the company unlock valuable efficiencies for the business, reducing cycle time for due diligence, onboarding, and risk management assessments. This resulted in improved quality and enhanced scalability at a lower cost.
Most importantly, the company was able to focus on what it does best: developing transformative therapies that change the lives of people living with rare diseases.