Embracing technology is key for compliance professionals

Isabel Duffy, senior vice president, chief ethics and compliance officer at Merck, shared her insights on the evolving compliance landscape in a recent interview, ahead of her panel participation with other compliance executives to discuss drivers for change and upcoming challenges.
"The biggest change to the compliance officer role is the integration of data and technology," Duffy explained. While the core mission of helping companies achieve their goals compliantly remains unchanged, the methods are rapidly evolving.
Traditionally, compliance relied heavily on communication skills—the ability to counsel, persuade, and clearly convey rules and expectations. Now, a new skill set is emerging:
"We still need [communication skills], but we also need compliance professionals who can dig into the data, look for trends and start predicting where things might be going wrong so that we can use data in a preventative way. We also need to automate things to lessen the administrative burden of compliance measures on companies," Duffy noted. She stresses that these are very different skill sets than typically existed in a compliance organization in the past. “How do we introduce those skills? How do you upskill people who have been in the counselling realm to feel more comfortable around data? How do you upskill data people to have a better understanding of the regulatory framework?”
To help address this, in February 2024, Duffy restructured her compliance group to elevate an operations and technology role to her leadership team.
In the year since the restructure, Duffy reports positive outcomes. "I've been surprised at how often, during leadership team discussions, my operations point will say, 'That's a problem that could be solved with technology' in a way we haven't been focused on before." Examples include the creation of dashboards or workflows that enhance employee experience.
AI: nascent but building rapidly
Of course, AI is one technology that presents both opportunities and challenges for compliance teams. Duffy breaks down her approach into two parts:
- Mitigating Risks: Ensuring responsible use of AI tools within the company, addressing concerns such as bias, data protection, and intellectual property safeguards.
- Leveraging Benefits: Using AI to advance compliance efforts, making implementation easier and more effective.
To address the risk mitigation aspect, a governance structure implemented by a cross-functional team has been created. "We've set up a policy. We have implemented a review process for people to bring forward their uses so we can make sure that AI uses are all being reviewed in the proper way."
While many companies are still in the early stages of AI governance, based on her discussions with external colleagues and benchmarking, Duffy feels her team is making progress: "I feel like we're on par, if not slightly ahead of others, as far as having at least an established cross-functional team and a process by which people can bring forward uses."
However, she acknowledges the ongoing nature of this work, emphasizing the need for continued training and awareness, especially as AI becomes more embedded in everyday software tools.
“There's other elements of AI that aren't so much use cases, but software with AI built into it,” said Duffy. “We’re trying to help employees recognize when AI is incorporated into software they're using and what is appropriate or not appropriate to utilize.”
Duffy emphasizes the importance of having a human in the loop to review AI-generated material, as well as controls around the use cases. For example, the use of AI in the first draft of a regulatory filing should have much more stringent controls vs. AI used to summarize an email.
As the team works to catalogue and centralize AI use cases, as well as ensure they are reviewed, Duffy feels the best way to drive compliance is to ensure employees understand that, as a company, our uses of AI will be scrutinized at some point. “We want to calibrate the uses so that we avoid what we’ve seen some companies do, which is shut it down completely, but at the same time, not have a free-for-all. We want AI to be introduced in sensible and controlled ways,” Duffy said.
As far as leveraging AI’s benefits for the compliance function itself, Duffy is very optimistic. “I have a lot of enthusiasm and optimism about the way that [compliance] might be able to use AI. We have tremendous amounts of data available to us and the government is expecting us to use that data. Without tools like AI, that can become very overwhelming,” said Duffy. She hopes AI will be able to help digest available data and help leverage it toward monitoring efforts.
Compliance through compassion
As Duffy explained, Merck is a 134-year-old established company with a strong purpose and reputation. Instead of compliance through fear, having a settlement or CIA as a negative hanging over employees, Duffy believes it’s more effective to focus on the positives.
“[We have] our long-standing legacy and our reputation, which is so important to patient trust, physician trust, regulator trust and our ability to fulfill our mission,” Duffy said, “If that trust breaks down, we can't get our medications to the populations who need them.”
Duffy acknowledged it’s difficult when something does go wrong, especially when a lot of work has gone into prevention, but compliance programs are designed to assume things will go wrong sometimes.
“I think that's the reality of the world,” said Duffy. “But take those events and learn from them and do the appropriate remediation—not just with that individual or that individual situation—but take a step back and look at the broader controls, what control failures contributed to that happening.”
Duffy says that staying attentive to established programs doesn't mean inflexibility; it means “keeping an open mind to change and being comfortable tackling new issues as they arise.”
Duffy's approach—balancing caution with optimism, and tradition with innovation—offers a roadmap for compliance professionals facing similar challenges. As AI and other technologies continue to evolve, so too must the strategies and skills of those tasked with ensuring ethical and regulatory compliance in the pharmaceutical industry.