John Pennett’s Life Sciences practice at EisnerAmper ranges from fledgling companies in incubators to global pharmaceuticals, but his insights here on implementing compliance controls, assessing reputational risk and vetting third-party vendors are widely applicable. His remarks have been edited for length and style.
MCC: Can you share some of your experience and background with our readers?
Pennett: I have headed our Life Sciences practice for the 12 years I have been at EisnerAmper and for about 10 years at my firm prior to that. My experience includes helping entrepreneurial companies think about ways to finance and grow their business, to develop their products, and to put systems in place to achieve those goals.
The clients I serve range in size from very early-stage incubating companies through venture and private equity backed companies, and into public companies. I just finished my two-year tour as co-chair of the Center for Commercialization of Innovative Technologies, an incubator located in New Brunswick, New Jersey. I serve as an advisor and mentor at eLabs, which is a New York City–based virtual incubator, and as a content provider/mentor/panelist at several other incubators in New York, New Jersey,
California and Pennsylvania. Those are fun groups to work with, and helping younger companies is always exciting.
MCC: Your life sciences practice covers many aspects of compliance and regulatory advice. What’s a sampling of best practices for life sciences companies when they are dealing with the U.S. government?
Pennett: Some companies separate their business into two distinct units – one that sells to the government and one that does not – believing this is a more
effective way to isolate the commercial activities from the governmental activities. There is a point of view that considers the practice not as transparent as it could be, though setting up sister companies along those lines is becoming an increasingly popular mechanism.
Certainly regardless of whether that happens, good communication and active educational programs are required to make people aware of what pricing rules require in terms of the impact on sales to the government and the company’s certification process. Pharmaceutical companies have been under a lot of scrutiny, so education and zero tolerance toward deficiencies with corporate rules and regulations is very common.
MCC: When selling to the U.S. government, what compliance issues do companies face with relation to the pricing rules and certification you just mentioned?
Pennett: There are a pretty complex series of rules regarding pricing when selling to the government, and it generally revolves around the concept of the “average sales price.” The government mandates that its programs get your best price, and the company, typically the CFO, provides a certification of its pricing guidelines on a periodic basis. This certification involves crunching a lot of data – and a thorough understanding of the government pricing rules and definitions.
There is, and should be, a lot of attention paid to the compliance activities around the government pricing criteria. A company can get into trouble, for example, if a salesperson offers a discount to one client and somehow the government is paying a higher price than that. In certain circumstances, the price certifications are then inaccurate, and the government is entitled to a refund.
A lot of mistakes occur that are not necessarily fraudulent in intent, just the happenstance of deals that maybe didn’t make it through all the channels for approval. It requires a lot of diligence, attention and education so that both the sales and operational personnel, as well as accounting, know what is going on and they are properly reporting their prices and filling out their certifications.
MCC: To take a broader view for a moment, how does pricing work generally within pharma and life sciences companies? What is your perspective on the ethics of pricing?
Pennett: There are little, if any, regulations that would not allow companies to increase their prices. They are still commercial ventures, and they still have those rights. In some cases, there are obviously contracts that they need to comply with, but at the expiration, they can change the price.
The dilemma that executives face – and now it has become more acute to the board of directors too – is weighing the commercial goal of increasing pricing and increasing profits, therefore improving returns to the stakeholders, versus the reputational risk of increasing prices by more than what is perceived to be an acceptable level. Some companies have been very successful at turning underperforming products into well-performing economic products, but that reputation risk requires careful thought. It’s a very, very delicate balance.
Obviously the current testimony in Congress will be going on for a while, but I don’t know that any changes in the rules and regulations will necessarily come out of it. Certainly drug pricing and the overall healthcare costs throughout the entire chain are going to continue to be under a large degree of scrutiny. Legislators have an easy target in the perceived deep-pocket pharmaceutical companies.
MCC: Where do shareholder rights end, if ever?
Pennett: You could make an argument that it is the company’s responsibility to its shareholders to try to maximize the return on the assets that they own. If the markets will allow a price increase, supply and demand would mandate that they have to think about that. In certain global markets, legislative bodies determine pricing of product – the company just has to decide if it wants to participate in that market.
The other side of that coin is that you are either dealing with governmental payers, private insurers or in some cases even private payers, and they are bearing the cost increase. So where is that line between what is reasonable in terms of economics versus the perception of being too aggressive in the pricing models?
MCC: So then how can companies use profit sharing or royalty deals to increase
their revenue?
Pennett: A lot of companies do use profit or revenue sharing arrangements to drive more product activity through their books. There has been an increasingly large quantity of quasi-virtual pharmaceutical companies – often good marketers that don’t have the physical capabilities to manufacture the products themselves – that partner with other groups that either own the technology or are manufacturing the product. This way they take advantage of their own skill set in marketing, say, to drive product revenues for the group as a whole, and for them in particular.
Some very creative deals have been done that make the economics work for both sides in terms of how those profits and royalties are shared, as a way to bridge the economic gap between commercialization risk, technology and approval risk, and ultimately what the competitive risk may look like. These risk-sharing deals often are designed to help cash flow considerations for one or more of the parties as well.
MCC: Many life sciences companies work with offshore vendors for clinical trials, manufacturing and other services. How can they minimize the risks in those relationships?
Pennett: The risk that you have to manage whenever you are dealing with any outsourced vendor, but in particular an offshore vendor, is strict adherence to quality measures and compliance with rules and regulations. As an example, some Indian generic pharmaceutical manufacturers have been in the news far too frequently for compliance aspects with respect to Food and Drug Administration regulations on manufacturing facilities.
With any outsourced facility, especially one that is not so easy to visit on regular basis, having a really strong sense of comfort that the vendor is totally embracing the quality aspects and requirements is critical. That is applicable both in the clinical work as well as the manufacturing and distribution side of the business. The industry has had too many black eyes to accept any degree of noncompliance, so you need to be really careful that you are building into your processes the mechanisms to review, audit and monitor the quality of the work that your partner is doing throughout the process.
MCC: What indicators should corporate in-house lawyers look for in terms of risks with offshore vendors?
Pennett: Luckily, with respect to the FDA and the other regulatory agencies, there is a lot of information in the public domain. You can see from a diligence perspective how a company has fared historically in its compliance activities. A significant amount of diligence with respect to quality procedures is critical, and that includes talking to their customers and other vendors associated with them to get a sense of comfort that the vendor you are looking at has both the right policies and procedures and the right mind-set toward compliance.
MCC: It appears that in recent years there has been a break between regulatory advisors and compliance teams. Can you talk a little bit about how their roles and responsibilities differ?
Pennett: The compliance teams have been more along the lines of your traditional internal auditors, so they are checking that people comply with the particular rules in place. More of that is now being driven by systems and technology, so certain aspects, like Sunshine Act reporting, that used to be manually intensive are now done through technology.
The regulatory advisors are focusing more on the processes and building those best practices into the company’s operation. These are educational aspects: They are building the culture around compliance, around conformity, so you see more chief compliance officers, chief ethics officers and positions like that being developed. Those jobs are being given a much higher degree of visibility within organizations, especially within the pharmaceutical industry. A lot of companies are putting attention in that area because of the negative press about the industry as a whole.
MCC: Let’s talk about the internal controls, specifically for life sciences companies. What do they look like?
Pennett: A lot of pharmaceutical controls are based around information technology and the volume of data received from vendors and customers. With third-party logistics companies, wholesalers and manufacturers, an awful lot of data is gathered throughout the supply chain and the sales life cycle. Most companies use technology in a very significant way to keep track of these large volumes of transactions, analyze the data, check for contract compliance and proper classifications, and group and analyze it.
One of the really important areas for pharmaceutical companies is to make sure that they have excellent internal control policies and procedures around their IT environment, especially surrounding third-party data. Making sure that data is coming into your organization, going through the IT systems, and being stored, secured and backed up properly is critical to the organization. Further, pharmaceutical companies are acutely aware of the need to meet any threat of cybersecurity attacks – especially with respect to the volumes of personalized information maintained. Cybersecurity is an area of great concern for chief information officers, executives at pharmaceutical companies and boards of directors.
Published May 3, 2016.
