+49 [0] 69 25 73 75 264 info@catuslaw.com

Compliance Management
Episode 5: Compliance Processes – Establishing the Framework

In episode 4 of this series, we saw that guidelines – often called “policies” – are the backbone of a CMS.

What exactly are “processes”?

If guidelines provide necessary structure and mark the expectation horizon, processes transform business operations into a defined sequence of steps.

In general, a distinction is made in business processes between leadership or management processes, the value-creating core processes directly related to the company’s products or services, and supporting processes. The last category includes risk analysis processes and, therefore, compliance processes. Regardless of how detailed the process descriptions are, they should depict processes and tasks within the company as clearly as possible, and specify that they are binding.

Ideally, business processes – and thus compliance processes – should be described so that the reader understands how processes and tasks within the company are currently running (“existing processes”) and how they should run (“target processes”).

Describing Processes

Charts can often be useful in depicting processes. There are software programs (such as Visio or Lucidchart) that can help visualize processes, but for less complex processes PowerPoint shapes do the job, too.

In any case, well-known and reliable systems should be used to create the visual. For years now, the Object Management Group Inc. (“OMG”) has been defining and standardizing the basic elements of process description and the procedure for process modelling (see https://www.omg.org/).

Standard Operating Procedures (SOPs) are a common way of implementing processes. SOPs generally describe the following (1) the aim and purpose of the process, (2) its application, (3) the process itself, (4) who is responsible for it, (5) how the process is documented, and (6) steps for monitoring the process, if applicable.

Typical Regulations

Descriptions of compliance processes typically define roles and responsibilities which can be used to better manage and control especially critical (i.e. risky) activities.

The implementation of compliance processes can be illustrated by the example of interactions between the pharmaceutical industry and healthcare professionals. During such activities (training events, speaking or consultancy contracts, sponsoring, donations, etc.) compliance must be ensured with all requirements of competition and anti-corruption laws and rules of industry codes. A compliance officer will therefore carefully consider how he or she should approach this task (aside from standard approaches such as training and the preparation of contract templates) and pay particular attention to the following issues:

  • Description of roles and responsibilities (who is responsible for preparing the necessary paperwork, including a complete and accurate description of the cooperation arrangements and the need for them)
  • Regulation of the “dual control principle” and approval by the Compliance Officer
  • Implementation the separation between medical/scientific functions and marketing/sales
  • Evaluation of how services are provided
  • Prerequisites for invoicing and payment as well as integration into order and payment processes
  • Documentation requirements
  • Implementation of control and review measures (“Monitoring”)

An important reminder: Involve stakeholders early on!

When establishing processes, it is, as always, vital to involve as many relevant departments and players in the development as possible, for example in workshops using the brown paper method.

Training and Communication

As with guidelines, systematic communication and training is essential to the implementation of compliance processes. In addition, make sure that you regularly adapt your processes and keep careful track of versions (V 1.0, V 1.1, etc.), so that you always understand the big picture!

What’s Next:

In the next episode, we’ll address compliance procedures.

If you are unsure how to set up and run your compliance project successfully, please feel free to contact me.