Compliance and the critical role in business success

Shefali Kothari, vice president and chief compliance officer of Novartis (US), discusses the critical role of compliance programs to proactively identify risks, foster ethical business practices, and contribute to the overall success of the organization.

According to Kothari, compliance professionals are now utilizing skills like problem solving, communicating within a complex matrix, business acumen, and strategic thinking to take the entire business to the next level. It’s not just about running the core elements of a compliance program—that’s a must—but “when compliance seeks to deeply understand the business objectives and help teams understand the risks in their context and language, then true value is added,” said Kothari. “The business genuinely appreciates our ability to understand the nuances and apply a risk-based mindset to problems.”Shefali Kothari, vice president and chief compliance officer of Novartis (US)

Kothari explained that compliantly structuring interactions and transfers of value with customers is a fundamental area of healthcare compliance, and one that continues to evolve as the healthcare landscape changes with new therapeutic areas. While Kothari explained that the playbook is well tested in this area, it is vital that organization’s not lose sight of it.

Additional risk issues that have been added to that playbook include data privacy and now, more recently, artificial intelligence (AI).

Kothari sees data privacy as a topic that has evolved over time to become more critical to be embedded in business operations. She explained that when she joined the company in 2011, a corporate privacy office served various affiliates, however, as time progressed, it was rightly decided that data privacy needed to be closer to the business and became part of the local compliance teams. Data privacy also gets tricky with acquisitions of large amounts of third-party data, with multiple consent pathways, as well as the complexity of current US privacy requirements among the 50 states, which is rapidly evolving.

“Compliance needs to actively support the company in stewarding privacy by assess the situation and pulling through the legal advice into practical solutions,” Kothari said. Then, classic compliance comes into play, involving robust testing and monitoring to ensure guardrails remain intact.

Advancements in AI, while a newer risk area for compliance teams, are being integrated into the compliance framework swiftly due to the immediate risk recognition and desire to ramp up use of AI quickly in organizations.

“In the US, the extent of AI regulation over the next several years remains uncertain. But we want to develop a framework of assessing the risks and pragmatically monitor AI in uses that are high risk,” Kothari said. “And while pharma companies are not building their own AI, but licensing it, compliance needs to ask the right questions of the vendors to understand what we are getting, and how are they monitoring the tool to make sure it’s not, for example, introducing bias in its output that could be damaging to the company or people in the company.”

AI represents what Kothari sees as the inevitable tension that may exist between compliance and business: the desire to adopt and optimize new technologies at pace while also ensuring reasonable measures are in place to prevent potential harm or undue risk.

Meeting challenges effectively

“The pharmaceutical sector has a lot of regulations and standards, for good reason, that are not intuitive outside of our sector. It’s important to guard against people misunderstanding or making assumptions that aren’t rooted in a clear understanding. One of our most important jobs is to consistently debunk the mythology on what can and can’t be done and explain why with clarity.”

Periodically reviewing and simplifying your company’s compliance policies and procedures can add significant value by reducing unnecessary complexity. “Periodically, you need to sit back and ask: What was the risk? What were we trying to save ourselves from?” Taking time to make this a regular practice is beneficial to a hearty compliance program and assists with promoting compliant behavior because it eliminates complexity that’s causing confusion.

“These conversations are valuable because they help ground my team on the risks we see today and give us confidence to remove outdated controls. It is not typical for compliance to “take away” constraints, but the lack of clarity that can occur with undue complexity can also introduce risk. These discussions energize my team as they want to find ways to clear paths, where it’s reasonable and appropriate to do so.”

Kothari aims to help everyone understand the risks that Compliance may be concerned about. “When I took this role (VP, US chief compliance officer) four years ago, I was passionate about building a team that deeply understood the underlying risks and knew how to communicate them with clarity back to the business. Four years later, we have made tremendous progress. I love that I can walk into a meeting with my team and they know that their first job is to frame the risks clearly. It’s not always easy – but the harder it gets, the more fun we have!”

Learn more about the compliance function at an upcoming event.

Header image: Depositphotos@@ IgorVetushko