The New and Expanding Role of the CCO

March 20, 2006
The chief compliance officer sets the tone for the entire organization.

As pharmaceutical companies increasingly focus on regulatory concerns, a new executive role has emerged almost overnight. The latest star in the C-level pantheon at most drug makers is the chief compliance officer (CCO).

Suddenly, the CCO’s role — a combination of purview, prominence and power — has taken on a new sheen. What once was viewed as a part-time task, merely part of a chief legal officer’s or CFO’s job, today warrants its own position.

There is a definite trend to broaden the role of compliance and the CCO in the industry, notes Brent Saunders, senior vice president for global compliance and business practices at Schering-Plough Corp. (Kenilworth, N.J.). “But the role of the CCO is not uniform,” he says. “My mandate at this firm is among the broadest you’ll find, with responsibility for all risks in the organization.” Saunders reports to the CEO and sits on the company’s executive management committee. “It’s a very senior level position here, and I have full access to the board of directors,” he adds.

“The whole definition of compliance is to be proactive.”

– Brent Saunders, Schering-Plough Corp.

The big reason for the shift to a more all-encompassing CCO role is the more intensive regulatory setting. “Pharmaceutical companies are under the gun,” says Michael Littenberg, a partner at Schulte Roth & Zabel in New York, who advises boards on corporate and compliance matters. “They are under increasing scrutiny from the U.S. government, and there is more enforcement of the rules and regulations affecting the industry.”

Many compliance programs at pharmaceutical companies tend to focus primarily on sales and marketing practices. It’s no secret that the practices of the industry’s “detail” staff in promoting drugs to health care providers have been under fire from regulators claiming various abuses.

But compliance spans a much broader set of activities and business practices throughout the organization. At a recent gathering of chief compliance professionals, almost 60 percent of participants said that their companies planned to expand their compliance programs this year. “Compliance takes in manufacturing practices, clinical issues, sales and marketing, and employee conduct,” Saunders says.

“The whole definition of compliance is to be proactive, not just reactive to an enforcement problem,” Saunders adds. Slamming the door after the horse has fled the burning barn is no way to run a compliance program. The idea should be to adhere to requirements of the FDA, SEC and other federal and state agencies, as well as to find ways to build a culture that fosters compliance among employees.

The right tone

These stepped-up compliance efforts come at greater cost. On average, companies in all industries spend about $5.8 million per $1 billion of revenue for compliance efforts, according to Scott Mitchell, CEO of the nonprofit Open Compliance and Ethics Group (Scottsdale, Ariz.).

Companies must spend more than ever on compliance programs because the penalties for failure to do so are much greater than in the past. “Today’s environment is much more punitive,” says Carlo diFlorio, a director in the government risk and compliance practice at PriceWaterhouse Coopers.

The key to a successful compliance effort is the tone set by the company leadership. “If senior management and the board do not want to be bothered, you are not going to have effective compliance,” says attorney Littenberg.

“If you look at some of the corporate failures and investigations that followed, there often was the complaint that the compliance function was not adequately supported, rules were not followed, and compliance was not taken seriously,” diFlorio adds.

Training is critical to compliance success. Executives, line managers and employees need to be fully aware of the rules of their jobs, not merely how to make the business run. They also must believe that the company is firmly committed to sticking to these rules without exception.

“Companies must make very clear that they have zero tolerance for such unacceptable business practices as bribery,” says Littenberg. Fortunately, in the U.S., the business culture does not accept bribery but this stance does place U.S. companies at a competitive disadvantage in some overseas markets, he says.

Unlike other industries, CCOs in the pharmaceutical industry must ensure compliance with the 2003 Office of the Inspector General’s Compliance Program Guidance for Pharmaceutical Manufacturers. The document lays out a seven-point program for compliance programs in this industry, says attorney Littenberg. “Of course, each pharmaceutical firm must tailor its compliance program to its business,” he notes.

Drug manufacturers are at particular risk in certain areas, says Littenberg. These include the issue of data integrity regarding government reimbursement practices, the potential for kickbacks and other remuneration to health care professionals, and the specific need to comply with drug sampling laws.

The rationale for a broad compliance program is strong. “You have different compliance functions residing in different parts of the business,” Littenberg says. “For instance, FDA compliance is more likely to reside in the legal department, and responsibility for complying with Sarbanes-Oxley is in the CFO’s office.”

In manufacturing, the need for effective corrective and preventive action (CAPA) systems “is something that a compliance officer would be very much involved with,” Littenberg adds.

Going forward, the industry is likely to see an expanded role for the CCO into all aspects of the business, says Brian Riewerts, a partner in the pharmaceutical practice and head of the governance risk and compliance function at PriceWaterhouse Coopers in Baltimore. “You will see some barriers break down in the organization and CCOs will pick up the full complement of risk for manufacturing, quality, and information technology as well,” he says.

About the Author

Doug Bartholomew | Contributing Editor