Risk Mitigation: Six Preventive Strategies for Life Sciences Procurement

These days, the life sciences industry is focusing very intently on enhancing its speed to market, despite the ever-increasing complexity of its supply chains. Moreover, growing competition and specialization are forcing product life cycles to shrink, making it more critical than ever for R&D to go hand in hand with manufacturing and commercialization. At the same time, expanding and managing relationships with third parties is becoming a key enabler for organizational cost effectiveness. Within this multi-party universe, it takes immense effort and numerous hand-offs before the product meets the patient/customer. All these intermingling stakeholders and touch points feed the potential of risk, which can significantly affect ultimate outcomes.

Supplier risk mitigation techniques are often developed as a hindsight-based science, and supply chain/procurement leaders relying on such practices have struggled to predict and mitigate risk. Many procurement leaders start out by trying to address questions like:

• — Have we built a risk and compliance assessment program?
• — Have we published guidelines and principles for risk management?
• — Have we trained team members to become champions of the process?

However, the most critical questions that often remain unanswered are:

• — How will this program work in practice?
• — Have you created a check-the-box process or just a “paper tiger”?
• — Does your instituted process provide real-time tracking of relevant metrics, or does your system only kick-in once an issue is realized?

Unfortunately, for a majority of firms, many of these questions don’t even get addressed until an adverse event occurs. A well-structured system includes approaches for risk identification, impact assessment, worst-case scenario evaluation and predictive mitigation plans. Such a system not only allows planning organizations to manage risks more efficiently, but also ensures quick recovery in case of unforeseen circumstances.

What are the effective forward-looking risk mitigation techniques or best practices that life-sciences procurement leaders can adopt to de-risk their supply chain and gain a competitive advantage? Let’s look at some of these approaches and strategies which, if adopted, will advance your organization toward a low-risk environment, helping you actively monitor risk while emphasizing areas that are seldom considered but can have a significant impact on mitigating risk.

Institute risk evaluation as a key priority during the supplier evaluation and selection process

First and foremost, as procurement teams go out to market searching for new and better suppliers, risk evaluation should be prioritized depending on the potential business impact from the respective service or product being sourced. Life sciences companies are generally exposed to many different types of third parties owing to their complex supply chains. These suppliers can have access to substantial sensitive information, such as clinical trial patient health records, intellectual property, proprietary therapeutic area product development plans, etc. If these are improperly managed, the third parties can pose a serious risk to the organization. Third-party risk management is a key strategic growth driver for life sciences companies, and procurement organizations should pursue clear supplier relationship management (SRM) activities outlining effective ways to monitor and manage their information. Additionally, effective business partnering behavior among procurement leads is critical, and can be implemented through regular touch points with respective business leaders to anticipate effects on the supply base due to changing needs.

Clearly identify contingency plans in category strategies

Developing and regularly updating your supply/category strategies can be a key activity ensuring procurement readiness for sudden changes in the supply base due to unforeseen circumstances. Category strategies not only help develop the vision for a spend area in alignment with business requirements, industry best practices and market variations, but also act as a critical tool for evaluating and mitigating risks to business continuity.

As an example, a Fortune 200 biopharma company had collaborated with an external consulting partner to develop category strategies and establish category management activities for several indirect spend areas. The client procurement-consultant team had recently aligned on a solid category strategy for the fulfillment category when one of the preferred suppliers suddenly filed for bankruptcy. This information was first received by the business on a Friday afternoon, when the marketing teams were in the middle of several critical product launches which could now be jeopardized. However, by Friday evening, the back-up fulfillment supplier, a logistics partner for inventory relocation and the incumbent supplier had already been contacted with next steps by the procurement team. The entire inventory was moved from Texas to New Jersey over the weekend and there was no disruption to the business. This became feasible because of pre-alignment with the business on a fulfillment category strategy that clearly identified continency plans in case of disruptions. Marketing and procurement leads worked as a seamless team and avoided any confusion or panic; this enabled a smooth transition.

Develop closer collaboration between procurement, legal and compliance teams

Better alignment between procurement and compliance teams will ensure that procurement is fully armed for supplier negotiations with the latest regulatory and legal changes for protecting the company via stronger contracts and processes in areas of high potential risk.

• Compliance risks involving bribery have plagued the pharmaceutical industry for a while now:
  • A Fortune 200 pharmaceutical company, for example, had been exposed to significant compliance risk for the past few years, with the most recent bribery allegations being claimed by the Greek authorities in December 2016. In total, this firm had been the subject of five bribery and corruption enquiries in the past few years. The settlement penalties have been huge, totaling to about $550M.
  • In 2012, another Fortune 100 pharmaceutical firm paid $60M to settle charges in the U.S. because its overseas subsidiaries had bribed health care officials to gain regulatory approval for the company’s drugs and boosted sales in 12 countries.
  • In 2015, a Fortune 200 bio-pharma settled charges of bribing state-owned hospitals in China for improving prescription sales by paying more than $14M.
  • The highest U.S. Foreign Corrupt Practices Act (FCPA) fine ever for a pharmaceutical company and the fourth-highest settlement across all industries, amounting to $519M, was paid in 2016 by an Israel-based Fortune 500 company. The company entered into a deferred agreement with the U.S. DOJ and SEC for FCPA offenses in Ukraine, Mexico and Russia.
• The life sciences industry is specifically exposed to compliance risks due to the following key factors:
  • Growth of emerging markets: Most of the life sciences companies rely on increasing penetration/reach in emerging markets. Many such countries have bribery as a common practice and local laws are not strict enough. Despite these challenges, such markets are critical growth areas for the companies, and they often fall prey to the local business culture and incomplete due diligence. Of seven settlements reached in 2016, five were due to violations committed in China and Russia.
  • Health Care Personnel (HCP) definition issues: Regular and direct contact with health practitioners, doctors, pharmacists and hospitals can become risky when dealing with foreign organizations that may be state-owned. If state-owned, then, as per FCPA guidelines, such health care providers are classified as foreign officials, implying that any unauthorized payments or gifts given to them will be considered as bribery.
• One approach for managing these risks is to institute policy changes designed to offer better contractual and procedural controls. For example, a few firms changed their marketing efforts and purchasing policies in China following the bribery allegation settlements. But, while policy changes can help reduce such risks and improve compliance with procedures, they do not eliminate risk significantly. Procurement can create the right influence to reduce risks through focused due-diligence activities supporting the legal and compliance teams. The due diligence should check against sanctions and watch lists, and figure out ways to validate other open-source information on third parties. Inadequate due diligence, as we’ve seen in the above examples, can cause serious reputational damage and result in costly remedial actions.

Combine supply-demand planning with risk evaluation

Many times, supply-demand factors create a risk for a product even though the severity and probability of occurrence for such a risk is low. Procurement should collaborate with the supply-demand planning team to understand fluctuations in business requirements and forecast risk more effectively. A thorough requirements planning mechanism can not only help maintain the balance between supply and demand, but also — if this is combined with risk forecasting used by procurement teams — supplier-related risks can be managed more effectively.

Visibility into the operations of suppliers and external partners also offers an opportunity to realize new insights. As companies diversify product portfolios and the number of required vendors increases, the costs and risks associated with bringing on new ones must be controlled, and decisions regarding sourcing of materials must be streamlined. Supply-demand planning can help improve supplier relationship development and negotiations. This approach can offer a systematic and fact-based solution that can ensure an optimal supply base and improve companies’ total value proposition.

Additionally, sourcing optimization can be driven if companies review supplier performance by examining financial data, vendor capabilities and relevant organizational objectives. Vendor qualification is generally tedious for life sciences organizations, and so switching suppliers is not easy. However, the approach outlined can compare risk factors among pre-qualified primary and secondary suppliers, and recommend suppliers during product development, engineering and process qualification campaigns based on anticipated supply-demand fluctuations.

When working with one of the biotechnology clients, an external consulting partner successfully prevented frequent direct raw material shortages, which, in turn, could have led to production losses and order backlogs for a key revenue-generating product. This became feasible due to a thorough risk assessment and mitigation exercise that was conducted in collaboration with commercialization, manufacturing, quality, supply planning and sourcing teams. The inputs from the commercial teams were critical in determining high priority SKUs, while sales and supply planning teams provided insights into expected future growth and demand projections for these SKUs. These inputs were combined with manufacturing, quality and the sourcing team’s insights to determine potential sourcing-related risks.

As a result, the team identified a critical raw material supplier that was nearing capacity utilization and was in no position to support the expected increase in demand. With a relatively low spend (<$1M), this supplier could have been easily disregarded as “low risk” in a regular evaluation process, but actually could have impacted significant revenues (>$50M) for the client. Having identified this potential issue early, the consulting company worked with the client to develop a secondary supplier that was qualified to meet any excess demand.

Standardize and document S2P processes

Using S2P solutions, platforms should focus on improving documentation and standardization of sourcing, contracting and payment processes to mitigate compliance and audit risks. Being in a highly regulated industry, life sciences organizations need to maintain flexible but controlled platforms for managing third-party suppliers. Some of the aspects that should be considered are:

• Establish a single system to manage the life cycle of a third-party relationship including capturing spend, contracts and data exchanges. This data should be regularly updated and made readily available for monitoring, reviews and audit requirements. Information related to locations, certifications, performance metrics, etc. should also be captured.
• Institute education of buyers and business users about potential third-party risks and their impact to your business through regular training and communications.
• Develop and establish appropriate processes for requisition, on-boarding and management of third-party suppliers. Measure compliance to these processes.
• Increase spend under management while driving tail spend through controlled but expedited requisition channels (buying desks/catalog-based solutions), so that any third- party risks are evaluated even when active sourcing activities are not performed.

Benchmark and improve

Periodic efforts to compare with industry peers can lead to continuous improvement avenues, especially when it comes to applying newer risk management techniques and best practices to your organization. Increasingly, however, CPOs and business leaders are taking a more proactive approach through benchmarking to further develop risk-management capabilities (based on their strategic/economic priorities and future vision) into a true competitive advantage. The key objective is to ultimately improve business decisions and increase the value of the company in a risk-conscious way. Following are a few approaches to effective risk benchmarking:

• Supplier Negotiations and Selection: Security and performance metrics should be key discussion points whether you are selecting a new vendor or renewing with an incumbent. During such discussions, it is imperative that you understand the key performance indicators and safety considerations. Additionally, awareness of how the supplier in question compares with its peers is important for promoting a fruitful relationship. You should be able to address questions like:
  • — Is this supplier more secure than others in their industry?
  • — Does this vendor have proven and reliable performance?
  • — How responsive is the supplier in addressing known security vulnerabilities?
  You should use such information to better negotiate contract terms with your suppliers and set higher standards for what you expect for security performance in a third-party relationship.
• Drive Performance Improvement in Active Supply Base: If you have an existing relationship with a supplier, performance benchmarking can be a helpful tool in driving supplier relationship management activities. Instead of annual or periodic contractual assessments, review of performance metrics should be a continuous process. Such an approach will allow you to stay ahead of supplier issues and facilitate performance benchmarking against their industry peers. Additionally, if you have a “problem” vendor, you can more easily determine where to assign additional resources to help eliminate the risks.
• Communicate Performance Metrics in Business Terms: Increasingly, procurement professionals are being asked to articulate performance and business risks in terms that are better understood by businesses. These days, C-suites in life sciences companies are taking keen interest in gaining visibility into third-party security and performance evaluation measures taken by procurement. Performance and security benchmarking enables these discussions to be more powerful and substance-based. You can benchmark suppliers based on established industry standard metrics, allowing you to map the entire vendor portfolio into performance and risk tiers comprehensible for business leaders. Reports can also show performance changes over time for suppliers, which can help anticipate and prevent vulnerabilities in your business processes. Organizational leaders will finally be able to understand how third-party relationships are impacting security protocols and determine if risk thresholds for the business are being exceeded.
• In conclusion, risk management should become central to every step in the life sciences industry business and procurement processes. From gathering requirements, supplier selection and supplier management to performance evaluation and benchmarking, filling the gaps in risk management practices will significantly improve results for any procurement organization. While the above suggested approaches cannot, unfortunately, guarantee a risk-free environment for your business, they will certainly prepare you better to face any risks that plague the industry. And for the up-and-coming life sciences procurement professional, a thorough grounding in risk mitigation and management principles may be just what the doctor ordered!