The changing nature of risk is not the only challenge facing the compliance function; its remit is expanding too. Functional leaders are increasingly asked to provide insights that go beyond business risks. These include insights that can help organizations improve processes and controls, guide activities and make informed strategic decisions.
In one example, a life sciences organization’s compliance function helped ensure the smooth global rollout of a new process to govern its fee for service activity. The global legal and compliance team monitored activity during the rollout’s pilot phase to identify noncompliance and rectify gaps in understanding before the full international launch. The team carried out further monitoring when a bespoke system to support governance of a fee-for-service model was implemented. This provided insights into updates needed during the design and implementation phases.
The life sciences industry’s compliance functions are now monitoring a broader range of suppliers beyond traditional third parties, such as distributors. Reflecting increasing risk levels, there has been a heightened focus over the past 18 months on ensuring that third parties, such as patient support program providers, comply with company expectations and contractual obligations. This broad compliance coverage allows organizations to better understand their risk landscape and proactively factor monitoring results into third-party risk profiling and risk management procedures.
This wider, value-added role is explored in a recent EY report Global Life Sciences Benchmarking Report 2024 (pdf) based on a survey of nine leading life sciences businesses. One compliance leader interviewed comments, “On the one hand, we're trying to keep our business safe. On the other, during the monitoring processes, we're trying to find some process gaps, inefficiencies or ineffective controls, so that we can drive process enhancement.”3
Delivering business insights
Technology and data analytics are providing the compliance function with the tools to deliver such crucial insights. Analytics, for example, can allow companies to see and contrast organizational trends and themes. This will help inform future actions and priorities, while AI can drive automated insights from vast pools of data.
Holding the keys to such insights has elevated the importance and status of the compliance function. In the EY report, one compliance leader states, “There’s been a shift from being seen as a controlling function and gatekeepers of everything, to being more of a business partner, aligned and agile with the business objectives.”
The strategic value that compliance leaders can now hold is seen in their rise within organizations, with chief ethics and compliance officers increasingly joining executive committees and leadership teams.
More effective ways of working
The compliance function is transforming the way it works to meet its expanding remit, as the report explores.
The level of risk is now central to the design of the monitoring process. Eighty-two percent of compliance leaders say they have adapted their approach to reflect market risk rather than focusing on policy deviations within a broad, often universal, sample as was previously done.
Often perceived as siloed, the compliance function is now working much more collaboratively. This reflects the demand from other business leaders for compliance function-sourced data to help them manage risk and make informed decisions in their own departments. Ninety percent of compliance leaders say other groups access their analytics platform for this.
Flexible operating models
Most function leaders have now moved to “centralized” delivery models. This often involves a global unit overseeing a centrally devised program, supported by regional or local teams and is part of a general shift from a uniform, top-down monitoring approach. Almost three-quarters of respondents now tailor their programs, checklists and protocols for each review, in collaboration with local teams.
Review locations have also changed. Forty-five percent of compliance leaders say they now execute monitoring tasks both on-site and remotely, with 27% doing so entirely remotely. The move to hybrid and remote monitoring was expedited by COVID-19, which accelerated the development of tech and processes to enable electronic access to compliance data.
Compliance is also being increasingly delivered with external help. Forty-five percent of surveyed companies outsource a part of their monitoring program, with 80% flagging cost efficiencies and lack of internal resource as key drivers. The need for specialist expertise — in areas such as risk management, language proficiency and technical ability — influences 40% of interviewees to outsource their work to external providers.
Harnessing advanced technology
Along with identifying insights, advanced technology and data analytics can help compliance functions manage their increased workload more efficiently. The EY report states, “Data analytics, AI and automation greatly improve the ability to detect legal and reputational risks and describe them (typically in a quantitative way).”4
All respondents to the EY life sciences survey say that their companies use rules-based analytics to support monitoring, with 70% also deploying machine learning tools and 60% using robotic process automation and AI. However, companies vary significantly in the level of sophistication when applying this technology.
A few companies are pushing boundaries in harnessing analytics for risk detection and mitigation. One life sciences company uses advanced behavioral techniques to identify teams more likely to engage in noncompliant events. In monitoring the sales force, the business scrutinized 30 behaviors that historically preceded substantiated investigations or HR issues. The organization aggregated the results to focus on team culture or training improvements rather than on individuals.
In another example, AI is being used to monitor third parties for anti-bribery and corruption risks. One organization has created a network map of relationships between entities, third parties, individuals and government officials, overlaid with internal datasets. This provides insights, such as comparing declared conflicts of interest with actual ones; identifying if individuals from a new third party previously worked for a predecessor, and detecting instances where someone receives multiple payments for working with more than one third party.
Challenges within the tech promise
Although there are industry trailblazers, the EY survey reveals that most life sciences compliance functions are currently not fully leveraging advanced technology. It indicates that compliance heads cite technology and innovation and data availability as key challenges in the past two years. Many are still struggling with one of the preliminary steps in the analytics maturity curve: the sourcing, collating and linking of good, accurate data. This often stems from fundamental internal stumbling blocks, such as inadequate and inconsistent datasets and nonintegrated legacy infrastructure.
Data presents both external and internal challenges. Balancing the rewards of using AI and other advanced techniques with data privacy and ethical considerations is cited by compliance leaders as one of the top three business risks.
The speed offered by new technology offers the promise of proactive monitoring — providing insights to prevent noncompliance before or as it occurs. However, for many, this remains an aspiration. Most compliance leaders surveyed want 60% of their programs to be proactive, but currently, only 43% meet this goal.
The majority of compliance functions surveyed acknowledge it will take up to five years before they fully leverage analytics to identify patterns, trend and outliers; use AI to increase efficiency, automate and identify future risks, and apply technology to enable more real time or regular monitoring. The compliance function of the future, as one respondent envisages is, “A lot more automated, a lot more digitized, with a lot more compliance by design and leveraging artificial intelligence” — and is still some way off. However, life sciences compliance leaders are committed to its realization.
A new type of compliance leader
The pivotal role that advanced technology can play in helping compliance functions manage risk and identify business opportunities requires compliance leaders to evolve their own skills too.
Function leaders must now be experts at interpreting data as well as risk. The Institute of Risk Management says that data analysis and modeling is the second most important risk management skill, after technical expertise. “Risk professionals need to be adept at analyzing large volumes of data to identify patterns, trends and potential risks. Building skills in data analysis tools, statistical modeling and data visualization can greatly enhance your ability to make informed decisions and provide valuable insights to stakeholders.” Consequently, those who do not acquire such skills risk being left behind.
The EY survey demonstrates how the life sciences compliance function is changing to keep pace with evolving risks. In transforming its operations and delivering tech-enabled insights, it can help organizations combat these risks and improve their operations. Moreover, by spearheading this evolution and developing their own skill sets, compliance leaders can position themselves firmly at the heart of the corporate leadership team.
