+7 (495) 147 11 03
email
telegram
  EN
email
email
telegram

Compliance in the Russian Pharmaceutical Industry 

 

Anna Ivanova, Associate at BRACE Law Firm ©

March 7, 2023

 

Pharmaceutical companies face numerous requirements related to their operations. These requirements include both general obligations applicable to all organizations and special requirements depending on the organization's activity profile. The law establishes disciplinary, administrative, and/or criminal liability for potential violations. To avoid situations involving sanctions and subsequent business losses, organizations introduce internal control measures, referred to as a compliance system.

The concept of "compliance" was introduced into Russian practice relatively recently. Historically, compliance emerged in the early 20th century with the creation of the US Food and Drug Administration (FDA). The Agency began establishing rules to be followed by business participants in the pharmaceutical and food industries. The FDA became a regulator in the US market.

However, the scandals of the 1960s and 70s became the prerequisite for the development of compliance in the US. As a result of these scandals, the US Foreign Corrupt Practices Act (FCPA) was enacted in 1977, establishing strict control rules, requirements for accounting and financial documentation, and rules for interactions with government officials. In the late 1970s, the US created a number of regulators in other areas of business activity [1].

In Russia, the Central Bank of Russia Direction No. 603-U dated July 7, 1999, "On the Procedure for Internal Control over the Compliance of Activities in Financial Markets with Legislation on Financial Markets in Credit Institutions" provided the first definition of compliance control in Russia: "Compliance control is internal control over the compliance of activities in financial markets with legislation on financial markets within a credit institution, carried out in accordance with this Direction. Compliance control is part of the credit institution's internal control system" [2].

Currently, the Ministry of Labor of Russia has published on its official website the Methodological Recommendations for the Development and Adoption of Measures by Organizations to Prevent and Combat Corruption, which define the concept of "compliance" as follows: "Compliance is the assurance of the organization's activities' conformity with requirements imposed by Russian and foreign legislation, other mandatory regulatory documents, as well as the creation within the organization of mechanisms for analysis, detection, and assessment of risks in corruption-prone areas of activity and the assurance of comprehensive protection of the organization" [3].

As noted in the scientific community, Russia currently lacks official clarifications from competent authorities regarding the development of regulatory compliance programs for pharmaceutical companies. However, in the US, for example, the Office of Inspector General (OIG) of the Department of Health and Human Services published the Compliance Program Guidance for Pharmaceutical Manufacturers as early as 2003. It noted, in particular, that this comprehensive program provides a mechanism that assists in achieving the shared goals of the public and private sectors to reduce fraud and abuse; strengthen the operational functions of healthcare institutions; improve the quality of healthcare services; and reduce the cost of medical care [4].

Some authors conclude that: "the standard for a compliance program of medicinal product manufacturers can be considered a combination of the following elements: a proactive management approach or 'tone at the top', a separate compliance service or compliance manager reporting directly to global management, a code of ethics and other policies (e.g., on hospitality, interaction with distributors), regular training for personnel and counterparties, a compliance hotline, and independent periodic audits. Obviously, the formal presence of these elements does not mean that the compliance function is built reliably and meets modern requirements. More important is the implementation of a compliance culture in all areas of the company's activities: starting from the company's management, who must demonstrate commitment to compliance principles and adopted policies by their daily example, to junior employees" [5].

Thus, effective compliance control helps ensure the continuity and sustainability of corporate development. Therefore, the company's owners and executive bodies (e.g., the Board of Directors) are primarily interested in the implementation of this function. The company's executive bodies play a decisive role in shaping and developing the compliance culture, are directly and personally responsible for the effectiveness of compliance risk management in implementing corporate strategy, and thus maintain the company's reputation. Moreover, the CEO and members of the Board of Directors bear administrative, and in some cases, material liability for violations of the law [6].

Consequently, compliance control represents a complex and multifaceted mechanism affecting various areas of a pharmaceutical organization's activities. This article discusses the main directions of compliance in pharmaceutical companies.

Antimonopoly Compliance in Pharmaceuticals and Healthcare

Federal Law No. 33-FZ dated March 1, 2020, amended the Federal Law "On Protection of Competition" (hereinafter – "The Law on Protection of Competition") by introducing Article 9.1. Antitrust compliance became a distinct institution of Russian competition law, enshrined in the new Art. 9.1, according to which, to comply with antitrust legislation and prevent its violation, an economic entity has the right to organize "a system of internal assurance of compliance with the requirements of antitrust legislation".

To organize a system of internal assurance of compliance with antitrust legislation requirements, an economic entity adopts an internal act (internal acts) and (or) applies other internal acts, including those of another person within the same group of persons as this economic entity, if such internal acts apply to this economic entity. Said internal acts must collectively contain:

  • Requirements for the procedure of assessing risks of antitrust legislation violations related to the economic entity's activities;
  • Measures aimed at reducing the economic entity's risks of violating antitrust legislation related to its activities;
  • Measures aimed at the economic entity's control over the functioning of the system of internal assurance of compliance with antitrust legislation requirements;
  • The procedure for familiarizing the economic entity's employees with the internal act (internal acts);
  • Information on the official responsible for the functioning of the system of internal assurance of compliance with antitrust legislation requirements.

Effectively, it is specifically with this innovation that one can speak of the introduction of antitrust compliance in Russian legislation.

FAS Russia provides the most detailed clarification on the system of internal compliance with antitrust legislation requirements in Clarification No. 20 dated July 2, 2021. According to this, antitrust compliance is a system of internal assurance of compliance with antitrust legislation requirements. Antitrust compliance risks are risks of violating antitrust legislation related to the economic entity's activities.

It is noted that the organization of antitrust compliance is a right of the economic entity; the decision to organize it is made exclusively voluntarily and remains entirely at its discretion.

When organizing antitrust compliance, it is recommended to be guided by the following principles:

  • Management's interest in the effectiveness of antitrust compliance functioning, as well as employee involvement in implementing the provisions of the internal act on antitrust compliance;
  • Regularity of assessing risks of antitrust legislation violations;
  • Continuity of antitrust compliance functioning, as well as constant improvement and enhancement of antitrust compliance efficiency.

An economic entity has the right to submit to FAS Russia the internal act (internal acts) or a draft internal act (draft internal acts) regulating compliance issues. Application to FAS Russia is strictly voluntary.

The system of internal assurance of compliance with antitrust legislation requirements may be contained in either one or several internal acts on antitrust compliance.

The internal act (internal acts) on antitrust compliance or its draft (their drafts) submitted to FAS Russia must mandatorily contain the elements listed above in the Law on Protection of Competition.

FAS Russia reviews the submitted internal act (internal acts) or draft internal act (draft internal acts) within 30 days and issues a conclusion on their compliance or non-compliance with the requirements of antitrust legislation.

The result of the review is a reasoned conclusion by FAS Russia regarding the compliance or non-compliance of the internal act (internal acts) on antitrust compliance or its draft (their drafts) submitted by the economic entity with the requirements of antitrust legislation.

If the submitted internal act (internal acts) on antitrust compliance or its draft (their drafts) lacks any of the mandatory elements indicated above, and (or) if said act (acts) or its draft (their drafts) contains provisions contradicting antitrust legislation, FAS Russia issues a conclusion on its (their) non-compliance with the requirements of antitrust legislation [7].

As explained by FAS Russia, when developing internal acts on antitrust compliance, it is possible to use ISO 31000 Risk Management – Guidelines and ISO 19600 Compliance Management Systems – Guidelines. ISO standards were originally developed by the International Organization for Standardization ("ISO"). In effect, these documents set standards for the quality management system in an organization. Thus, according to GOST R ISO 31000-2019 "Risk Management," risk management is part of the organization's corporate governance and is of fundamental importance for management at all levels. It contributes to the improvement of the organization's management system. The main principles of risk management include:

  • Integration;
  • A structured and comprehensive approach to risk management, contributing to consistent and comparable results;
  • The risk management structure and process are customized and proportionate to the organization's external and internal context and its objectives;
  • Inclusiveness, which consists of appropriate and timely involvement of stakeholders, allowing their knowledge, views, and perceptions to be taken into account;
  • Risks can emerge, change, or disappear as the organization's external and internal context changes. Risk management anticipates, detects, acknowledges, and responds to these changes and events in an appropriate and timely manner;
  • Best available information. Any limitations and uncertainties associated with initial data and expectations are taken into account. Information should be timely, clear, and available to all stakeholders;
  • Consideration of human and cultural factors;
  • Continual improvement [8].

The application of ISO 19600 Compliance Management Systems is voluntary, except when an organization makes a public statement about its compliance management system's conformity with this standard. According to this document, when starting to create a compliance program, the standard recommends that the organization:

  • Understand the context in which it operates (internal and external risk factors);
  • Determine the list of stakeholders and record the needs and expectations of these stakeholders;
  • Determine the regulatory areas in which the organization needs to comply with mandatory norms;
  • Select the scope/scopes of application of the compliance management system [9].

FAS Russia also recommends following Order No. 1646/18 dated November 27, 2018 "On the System of Internal Assurance of Compliance with Antitrust Legislation Requirements in FAS Russia." This document was developed to ensure compliance of FAS Russia's activities with antitrust legislation requirements and to prevent violations of antitrust legislation requirements in FAS Russia's activities. However, a number of provisions can be applied by analogy. For example, by analogy with the mechanism proposed for FAS Russia, a pharmaceutical company may perform the following to identify compliance risks:

  • Analysis of identified violations of antitrust legislation in its activities;
  • Analysis of the company's legal acts, as well as legal acts aimed at regulating relations associated with the protection of competition, prevention, and suppression of monopolistic activity and unfair competition;
  • Analysis of drafts of local normative acts;
  • Monitoring and analysis of the practice of applying antitrust legislation;
  • Systematic assessment of the effectiveness of measures developed and implemented to reduce compliance risks [10].

In addition, Order of the Government of the Russian Federation No. 2258-r dated October 18, 2018, approved methodological recommendations for the creation and organization by federal executive bodies of a system of internal assurance of compliance with antitrust legislation requirements to form a unified approach. Some provisions of these recommendations can also be used as a basis by pharmaceutical companies for developing their own local normative acts in the field of antitrust compliance. In particular, to organize antitrust compliance, a federal executive body must adopt an act containing:

  • Information about the authorized unit (official) responsible for the functioning of antitrust compliance and about the collegial body assessing the effectiveness of its functioning;
  • The procedure for identifying and assessing risks of violating antitrust legislation when carrying out activities;
  • The procedure for familiarizing civil servants/employees with the act on the organization of antitrust compliance;
  • Measures aimed at exercising control over the functioning of antitrust compliance;
  • Key performance indicators and the procedure for assessing the effectiveness of antitrust compliance functioning.

Another recommended document for developing a compliance system in an organization is the ICC Antitrust Compliance Toolkit, prepared by the International Chamber of Commerce (ICC). The document complements materials prepared by antitrust authorities and other materials on this topic and is dedicated to practical steps that can be taken within an organization to successfully implement a compliance culture. The toolkit describes in fair detail the process of building a compliance system and identifying compliance risks. Each chapter provides general considerations relevant to the specific compliance system components discussed therein. This is followed by an overview of practical measures to be taken, with examples and descriptions of various possible approaches. Notably, the toolkit also pays attention to building compliance in small organizations. Thus, regarding small and medium-sized enterprises (SMEs), it states: "SMEs may not need to create a complex organization with separate compliance officers for different activities/countries or have sufficient resources to do so. In such a case, a single senior individual should be made responsible for identifying risks, organizing appropriate training courses, and obtaining training materials from external third-party service providers" [11].

According to Part 4 of Article 9.1 of the Law on Protection of Competition, information on the adoption (application) of an internal act (internal acts) on antitrust compliance must be posted by the economic entity on its website on the Internet in Russian. It is sufficient to indicate the details of the act (acts). As noted by FAS Russia, posting the text of the internal act (internal acts) on antitrust compliance on the Internet is a right of the economic entity and remains at its discretion.

Regarding the procedure for assessing risks of antitrust legislation violations, it is recommended to provide a description of the risk identification and assessment processes, including measures taken within the framework of organizing these processes, the frequency and timing of their implementation, the persons participating in the organization and implementation of said measures, the procedure for organizing interaction between persons participating in said measures, and the procedure for documenting risk assessment results and adjusting them if necessary.

Economic entities independently identify the antitrust legislation requirements applicable to their activities, taking into account, inter alia, the structure, nature of activities, sector of the economy in which the economic entity operates, and other parameters.

The most common types of antitrust legislation violations in the pharmaceutical sector are imposing unfavorable terms on a counterparty or terms unrelated to the subject of the contract, collusion in public tenders, and economically or technologically unjustified refusal or evasion to conclude a contract with individual buyers (customers).

To reduce the risks of abuse of a dominant position, FAS Russia developed requirements for all pharmaceutical companies dominant in the market regarding interaction with distributors, and also published Recommendations for the development and application of commercial policies by economic entities. These recommendations are posted on the FAS Russia website and state that to avoid prosecution by antitrust authorities, FAS Russia recommends that economic entities align their activities with antitrust legislation norms, determine product markets that are potentially non-competitive, and develop and implement an internal document (commercial policy) on the selection of counterparties, interaction with them, and termination of work with counterparties. It is extremely important for economic entities potentially dominant in the market of a certain product and located in the zone of antitrust risks to adopt and use a document (commercial policy) containing criteria for selecting counterparties, the verification procedure (description of processes) conditioning decision-making, the list and powers of persons participating in procedures for approval or refusal of commercial relations, persons making such decisions, terms and procedures for reviewing applications from counterparties (potential counterparties), as well as terms of cooperation with counterparties determining the cost of goods, supply volume, payment terms, discounts, bonuses, etc. The counterparty selection process must be set out in detail, disclosing all possible stages of reviewing applications for cooperation (for concluding a contract), disclosing information about persons (positions) who influence decision-making, make decisions, are members of the application review commission (if available), the maximum term for reviewing such applications, terms for reviewing applications at each verification stage, and the possibility of extending verification terms at each stage with justification of possible reasons [12].

Furthermore, on April 19, 2016, the Association of European Businesses (AEB) and the Federal Antimonopoly Service (FAS) held a joint press conference presenting the Code of Good Practice in the Pharmaceutical Industry. A number of major companies signed a declaration of accession to the Code of Good Practice in the Pharmaceutical Industry. The main objective of the Code of Good Practice in the Pharmaceutical Industry is self-regulation of the pharmaceutical business in Russia, as well as the creation of fair, open, and conscientious rules of competitive interaction in the pharmaceutical industry. Any legal entity that is part of a group of persons with a manufacturer, imports products into the territory of the Russian Federation and introduces products into circulation in Russian territory, or imports and/or introduces products into circulation in Russia based on a contract with a person belonging to the product manufacturer's group of persons, can become a participant in this code.

The content of the Code of Good Practice in the Pharmaceutical Industry covers the following aspects:

  • Interaction with distributors (open rules and criteria for selecting distributors);
  • Commercial terms of contracts, including within the framework of public procurement;
  • Harmonization of instructions for use of medicinal products;
  • Prevention of corruption [13].

The main requirements regarding the implementation of an antitrust compliance system in a pharmaceutical company were discussed above.

Despite the fact that currently, the introduction of antitrust compliance systems for private companies and individual entrepreneurs (unlike public authorities, state and municipal institutions), according to the Law on Protection of Competition, remains their voluntary choice, many representatives of the non-state sector of the economy (including the pharmaceutical industry) understand that compliance is not a waste of time and money, but a powerful mechanism that must be integrated into the management strategies of modern Russian corporations as a necessary condition for their sustainable development [14].

Pharmaceutical Manufacturing Compliance

In addition to compliance in the field of antitrust legislation, building a compliance system in other areas of the company's activity may be required. In particular, the most common cases of bringing pharmaceutical companies to administrative liability are offenses in the form of carrying out activities with gross violations of licensing requirements. For such violations, the law imposes an administrative fine on persons carrying out entrepreneurial activities without forming a legal entity in the amount of 4,000 to 8,000 rubles or administrative suspension of activities for up to 90 days; on officials – from 5,000 to 10,000 rubles; on legal entities – from 100,000 to 200,000 rubles or administrative suspension of activities for up to 90 days. For example, Roszdravnadzor identifies gross violations of licensing requirements (in particular, storage conditions for medicinal products were not observed, some medicinal products had expired shelf lives) [15].

Also, violations in the manufacturing of medicinal products will be considered a gross violation of licensing requirements. Currently, drug manufacturing in Russia is regulated by the Rules of Good Manufacturing Practice adopted directly in Russia, approved by Order of the Ministry of Industry and Trade of Russia No. 916 dated June 14, 2013, as well as the Rules of Good Manufacturing Practice of the EAEU, approved by Decision of the Council of the Eurasian Economic Commission No. 77 dated November 3, 2016. At the same time, the registration dossier of an already registered medicinal product must be brought into compliance with EAEU requirements by December 31, 2025. Consequently, a transitional regime is currently in effect, where both the Russian Rules of Good Manufacturing Practice and GMP EAEU apply.

To comply with requirements for the safety and proper quality of manufactured medicines, a comprehensively designed and correctly functioning Pharmaceutical Quality System is created, incorporating Good Manufacturing Practice and Quality Risk Management. Good Manufacturing Practice is that part of quality management which ensures that products are consistently produced and controlled to quality standards appropriate to their intended use and as required by the registration dossier, clinical trial protocol, and specification for the product (Clause 1.8 GMP EAEU). Also, Chapter 4 of GMP EAEU establishes the main documents required to be maintained in the organization within the quality assurance system. Two main types of documentation are established to fulfill GMP EAEU requirements: regulatory – instructions (directions, requirements) and recording – records (reports). Appropriate controls must be implemented to ensure the accuracy, integrity, availability, and legibility of documents. Regulatory documents must be available in writing and free of errors. In addition, it should be clearly defined which record relates to each type of manufacturing activity and where it is located. Reliable controls, validated where appropriate, must be in place to ensure record integrity throughout the retention period. Clear operating instructions for major items of manufacturing and test equipment must be available.

Logbooks should be kept for major or critical manufacturing and test equipment and for areas where the product has been processed. These logs should record in chronological order any use of these areas, equipment, and methods, calibrations, maintenance, cleaning, or repair operations, including the dates and identity of people who carried out these operations.

Responsible persons are appointed in the organization to maintain documentation. In fact, it can be noted that documentation within the framework of compliance with GMP EAEU requirements can be considered part of the system for building compliance control in the field of drug manufacturing in a pharmaceutical company.

Personal Data Compliance in Healthcare

According to Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data" (hereinafter – "The Law on Personal Data"), personal data is any information relating to a directly or indirectly identified or identifiable natural person (personal data subject). An operator is a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, and actions (operations) performed with personal data. Thus, the concept of "personal data" covers a wide range of information, including surname, first name, patronymic, passport data, etc., and in some cases, email addresses.

For example, the Supreme Court of the Russian Federation recognized as lawful the imposition of liability for disclosure of personal data due to an organization's failure to provide information required by antitrust legislation upon request of the antitrust authority, specifically: information was provided upon request, excluding full names of employees using email addresses because such information belongs to personal data. Consequently, if email addresses contain the personal data of their owner, such addresses may be classified as personal data [16]. Also, cookie files were recognized as personal data according to law enforcement practice [17].

Federal Law No. 266-FZ dated July 14, 2022, "On Amendments to the Federal Law 'On Personal Data', Certain Legislative Acts of the Russian Federation and Recognition of Part Fourteen of Article 30 of the Federal Law 'On Banks and Banking Activities' as Void" introduced amendments effective September 1, 2022, regarding an organization's handling of personal data. According to these, the obligation to notify Roskomnadzor before starting personal data processing about its intention to process personal data applies to the processing of personal data:

  • Processed in accordance with labor legislation;
  • Received by the operator in connection with concluding a contract to which the personal data subject is a party, if the PD is not disseminated, nor provided to third parties without the consent of the personal data subject and is used by the operator solely for performing said contract and concluding contracts with the personal data subject;
  • Relating to members (participants) of a public association or religious organization and processed by the respective public association or religious organization acting in accordance with the legislation of the Russian Federation to achieve lawful goals provided for by their constituent documents, provided that the PD will not be disseminated or disclosed to third parties without the written consent of the personal data subjects;
  • Permitted by the personal data subject for dissemination, provided the operator complies with the prohibitions and conditions stipulated by Article 10.1 of the Law on Personal Data;
  • Including only surnames, first names, and patronymics of personal data subjects;
  • Necessary for the purpose of a single entry of the personal data subject onto the territory where the operator is located, or for other similar purposes.

Since September 1, 2022, the listed cases of personal data processing are no longer grounds for exemption from the corresponding notification.

According to the amendments, this obligation does not arise in cases of personal data processing:

  • Included in state information systems of personal data created for the purposes of protecting state security and public order;
  • In the event that the operator carries out personal data processing activities solely without the use of automation tools.

According to Art. 3 of the Law on Personal Data, automated processing is understood as processing data using computer technology. At the same time, there are currently no official clarifications as to whether processing data in MS Word and Excel (which is quite common in most organizations) is classified as automated processing of personal data.

Based on these provisions, it follows that most organizations effectively fall under the Roskomnadzor notification requirements, which will require more serious elaboration of conditions for handling personal data.

In addition, according to Art. 18.1 of the Law on Personal Data, an operator that is a legal entity must publish documents defining the operator's policy regarding personal data processing, local acts on personal data processing issues defining for each purpose of personal data processing the categories and list of processed personal data, categories of subjects whose personal data are processed, methods, terms of their processing and storage, the procedure for destroying personal data upon achievement of processing goals or upon the occurrence of other legal grounds, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations. From the literal interpretation of this norm, it follows that the policy may consist of several documents. At the same time, it is mandatory to develop a policy for each direction of personal data processing (e.g., processing within the framework of interaction with employees, processing client requests, maintaining the company's official website (if personal data collection is performed through it)).

In accordance with Part 2 of said article, the operator is obliged to publish or otherwise ensure unlimited access to the document defining its policy regarding personal data processing and to information on the implemented requirements for personal data protection. An operator collecting personal data using information and telecommunication networks is obliged to publish in the corresponding information and telecommunication network the document defining its policy regarding personal data processing and information on implemented requirements for personal data protection, as well as to ensure the possibility of access to said document using the means of the corresponding information and telecommunication network, including on the pages of the website belonging to the operator in the information and telecommunication network "Internet," using which the collection of personal data is carried out.

According to Art. 13.11 of the Code of Administrative Offenses of the Russian Federation (CAO RF), failure to fulfill the obligation to publish or otherwise ensure unlimited access to the document defining the operator's policy regarding personal data processing or information on implemented requirements for personal data protection entails the imposition of an administrative fine on citizens in the amount of 1,500 to 3,000 rubles; on officials – from 6,000 to 12,000 rubles; on legal entities – from 30,000 to 60,000 rubles.

Roskomnadzor has provided recommendations for drafting a personal data processing policy. It is recommended to include the following structural components in this document:

  • General provisions. It is recommended to describe the purpose of the Policy, as well as include the main concepts used in it;
  • Purposes of personal data collection. Purposes of personal data processing may stem, inter alia, from an analysis of legal acts regulating the operator's activities;
  • Legal grounds for personal data processing (the set of legal acts in execution of which and in accordance with which the operator processes personal data);
  • Volume and categories of processed personal data, categories of personal data subjects;
  • Procedure and conditions for personal data processing. It is recommended to list the actions performed by the operator with the subjects' personal data, as well as the methods of personal data processing used by the operator and processing terms.

It is also recommended to indicate information on compliance with personal data confidentiality requirements, conditions for termination of their processing, and the procedure for their destruction. It is also recommended to include regulation(s) for responding to requests/appeals from personal data subjects and their representatives, authorized bodies regarding inaccuracy of personal data, unlawfulness of their processing, withdrawal of consent, and access of the personal data subject to their data, as well as corresponding forms of requests/appeals [18].

At the same time, by virtue of Art. 18.1 of the Law on Personal Data, the operator is obliged to familiarize the operator's employees directly processing personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for personal data protection, documents defining the operator's policy regarding personal data processing, local acts on personal data processing issues, and (or) to train said employees.

Thus, taking into account recent innovations, compliance in the field of personal data processing can become the basis for minimizing the risks of bringing a pharmaceutical company to administrative liability. Currently, all pharmaceutical companies are recommended to analyze the procedure for personal data processing in the organization, including with the involvement of the legal department and IT specialists, as well as to update the personal data processing policy with the appointment of persons responsible for the implementation of this policy.

Anti-Corruption Compliance in a Pharmaceutical Company

According to Art. 7 of Federal Law No. 273-FZ dated December 25, 2008, "On Combating Corruption," the main directions of state bodies' activities to increase the effectiveness of combating corruption include, inter alia, the introduction of anti-corruption standards, i.e., establishing a unified system of prohibitions, restrictions, and permissions for the relevant area of activity, ensuring the prevention of corruption in that area.

By virtue of Art. 13.3 of said federal law, organizations are obliged to develop and take measures to prevent corruption:

  • Measures to prevent corruption taken in an organization may include:
  • Designating departments or officials responsible for the prevention of corruption and other offenses;
  • Cooperation of the organization with law enforcement agencies;
  • Development and implementation of standards and procedures aimed at ensuring the conscientious work of the organization;
  • Adoption of a code of ethics and official conduct for the organization's employees;
  • Prevention and settlement of conflicts of interest;
  • Prevention of creating unofficial reporting and using forged documents.
  • Particular importance is attached to the adoption of internal control measures aimed at preventing the emergence of corruption risks.

Currently, the Ministry of Labor of Russia website has published Methodological Recommendations for the Development and Adoption of Measures by Organizations to Prevent and Combat Corruption. Section IV of these recommendations details requirements for the organization's anti-corruption policy. The document states that the organization's anti-corruption policy is a set of interrelated principles, procedures, and specific measures aimed at preventing and suppressing corruption offenses in the activities of said organization.

It is recommended to adopt the anti-corruption policy and other organization documents regulating issues of preventing and combating corruption in the form of local normative acts, which will ensure their mandatory execution by all employees of the organization.

The following stages should be distinguished in the development and implementation of the anti-corruption policy as a document:

  • Drafting the anti-corruption policy;
  • Discussing the draft and approving it;
  • Informing employees about the anti-corruption policy adopted in the organization;
  • Implementing anti-corruption measures provided for by the policy;
  • Analyzing the application of the anti-corruption policy and, if necessary, revising it.

It is recommended to reflect the following issues in the anti-corruption policy:

  • Goals and objectives of implementing the anti-corruption policy;
  • Concepts and definitions used in the policy;
  • Basic principles of the organization's anti-corruption activities;
  • Scope of the policy and the circle of persons falling under its action;
  • Definition of the organization's officials responsible for implementing the anti-corruption policy;
  • Definition and consolidation of duties of employees and the organization related to preventing and combating corruption;
  • Establishment of a list of anti-corruption measures, standards, and procedures implemented by the organization and the procedure for their execution (application);
  • Liability of employees for non-compliance with anti-corruption policy requirements;
  • Procedure for revising and amending the organization's anti-corruption policy.

The main circle of persons falling under the policy's action are employees of the organization who are in employment relations with it, regardless of their position and functions performed. However, the policy may establish cases and conditions under which its action extends to other persons, for example, natural and (or) legal persons with whom the organization enters into other contractual relations.

It is recommended to include in the organization's anti-corruption policy a list of specific measures that the organization plans to implement to prevent and combat corruption. The set of such measures may vary and depends on specific needs. Table 1 of these recommendations provides an approximate list of such measures, which include:

  • Regulatory support, consolidation of standards of conduct, and declaration of intent;
  • Development and introduction of special anti-corruption procedures;
  • Training and informing employees;
  • Ensuring the compliance of the organization's internal control and audit system with the requirements of the organization's anti-corruption policy;
  • Involvement of experts;
  • Assessment of the results of anti-corruption work carried out and distribution of reporting materials [19].

The Ministry of Labor of Russia website also lists measures to prevent corruption in organizations. They contain similar norms regarding the approximate content of the anti-corruption policy. It is indicated that when developing an organization's anti-corruption policy, it is necessary to consider the form of ownership, organizational-legal form, industry affiliation, size, structure, geography of activity, management model, specifics of the organization's internal operations (procurement, marketing, sales, etc.), and other features.

The developer of the organization's anti-corruption policy may be an employee or a structural unit of the organization assigned functions to prevent corruption. Large and medium-sized enterprises with sufficient financial resources may involve external experts in the development and subsequent implementation of the relevant anti-corruption policy.

When building an effective anti-corruption policy, it is critically important to understand what corruption offenses may be committed by employees of the specific organization given the specifics of its activity, within which business processes such offenses are most likely, what are the possible methods or schemes for committing them, and what consequences they may lead to.

Attention is drawn to the fact that the approximate procedure for assessing corruption risks depends on the specifics of the specific organization; the procedure for assessing corruption risks may have its own features. However, it is recommended to include such components as:

  1. Identification of corruption risks – determination of corruption offenses that may be committed by employees of the organization, and detection of those business processes and their constituent sub-processes during which the commission of such unlawful acts is possible;
  2. Analysis of corruption risks – determination of possible methods of committing a corruption offense taking into account the specifics of implementing business processes in the organization ("corruption schemes"), the circle of persons who may be involved in committing a corruption offense, vulnerabilities of business processes, i.e., those features of their organization that facilitate or do not prevent the commission of a corruption offense;
  3. Ranking (determining the significance) of corruption risks – assessment of the probability of committing a corruption offense at a certain stage of a particular business process and the possible harm caused to the organization and society as a whole in the event of a corruption offense being committed by an employee (employees) of the organization [20].

In practice, the implementation of anti-corruption compliance by Russian companies is driven by various reasons, divided into several groups. The first group includes subjective reasons, the personal position of managers and owners of companies regarding the unacceptability of corruption as a method of doing business. This position may be driven by ethical principles and values of managers and owners, concern for the company's business reputation. The second group includes a purely pragmatic desire to reduce corruption risks at the level of middle managers and employees, prevent possible economic damage, and increase profits from doing business. The third group includes legal reasons with the need to avoid criminal liability and administrative liability of legal entities [21]. Despite the absence in the CAO RF and the Criminal Code of the Russian Federation of a dependence between the presence/absence of an anti-corruption policy in an organization and the imposition of punishment for relevant corruption offenses, liability risks stimulate the development of internal anti-corruption compliance systems.

In addition, pharmaceutical companies may be subject to the requirements of transnational anti-corruption laws. Such legal acts include the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. As a general rule, the Bribery Act may apply to any foreign company or organization carrying out its business wholly or partially in any part of the United Kingdom and noted for corruption. The FCPA establishes that a company falls under its action, inter alia, if it participates in corrupt payments through its agents, shareholders, or other persons. Thus, a company may fall under the FCPA if its management body includes US citizens and/or any employee of a Russian company who is a US citizen gives (offers) a bribe in the company's interests. In this regard, given any signs that said laws will apply to a pharmaceutical organization, it is necessary to include appropriate provisions in the company's anti-corruption policy, as well as to elaborate conditions on compliance with said transnational legal acts (anti-corruption clause) in contracts with counterparties.

Despite the fact that all the above measures and recommendations for developing anti-corruption policies in organizations are recommendatory in nature, there are grounds to believe that currently, there is a need to implement an anti-corruption compliance system in most pharmaceutical companies, as this can help avoid liability for violating anti-corruption legislation.

Compliance Regarding the Activities of Pharmaceutical Workers

According to Part 2 of Art. 74 of Federal Law No. 323-FZ dated November 21, 2011, "On the Fundamentals of Health Protection of Citizens in the Russian Federation," pharmaceutical workers and heads of pharmacy organizations do not have the right to:

  • Accept gifts, monetary funds, including for payment of entertainment, recreation, travel to a place of recreation, and participate in entertainment events held at the expense of the company or company representative;
  • Receive from the company or company representative samples of medicinal products, medical devices for delivery to the population;
  • Conclude agreements with the company or company representative on offering certain medicinal products, medical devices to the population;
  • Provide the population with unreliable and (or) incomplete information about the availability of medicinal products, including medicinal products having the same international nonproprietary name, medical devices, including concealing information about the availability of medicinal products and medical devices having a lower price.

Part 3 of said article contains a reference norm: "For violations of the requirements of this article, medical and pharmaceutical workers, heads of medical organizations and heads of pharmacy organizations, as well as companies and company representatives bear liability provided for by the legislation of the Russian Federation". However, to date, the application of a number of liability measures for violating said restrictions is quite problematic. For example, the establishment of administrative liability measures in the CAO RF regarding a medical worker (the main subject of restrictions) is currently not provided for [22].

Nevertheless, non-compliance with said norms can negatively affect the organization's activities, including creating corruption-prone factors. For example, the most detailed procedure for the interaction of pharmaceutical workers with healthcare professionals is provided in the Code of Practice of the Association of International Pharmaceutical Manufacturers (AIPM). According to Cl. 3.1.1-3.1.2, 3.3.1, 3.3.4 of the Code of Practice of the Association of International Pharmaceutical Manufacturers (AIPM), interaction of pharmaceutical companies with healthcare professionals must be directed towards bringing benefit to patients and improving medical practice. The purpose of such interaction must be providing healthcare professionals with new information about pharmaceutical products, providing them with scientific and educational information, as well as supporting scientific and clinical research. Cooperation of pharmaceutical companies with healthcare professionals should not result in a conflict of interest for healthcare professionals, particularly between their professional duties and personal interest. The purpose of all events held must be informing healthcare professionals about pharmaceutical products and/or providing them with scientific or educational information in the field of healthcare or pharmaceutics. The event must be held in a suitable place and under conditions conducive to achieving the scientific and educational goals of said event. It is necessary to avoid places and venues known for their entertainment establishments and/or events or those that are extravagant. It is prohibited to use facilities that are associated in the public eye with entertainment, luxury, or exclusivity, regardless of their class [23].

We believe that said norms can be consolidated in the internal policies of pharmaceutical organizations.

In addition, the All-Russian Public Organization "League of Patient Advocates" developed the Ethical Code of the Pharmaceutical Worker (Pharmacist). The Code represents a set of ethical norms and moral principles of behavior for a pharmaceutical worker when providing qualified, accessible, and timely pharmaceutical assistance [24]. In particular, according to Cl. 1.5 of the Ethical Code: "when carrying out pharmaceutical activities, a pharmaceutical worker must always adhere to the principles of ethical competition, ethical marketing, and advertising. The main principle must be ensuring the safety and efficacy of prevention and treatment of diseases, as well as compliance with deontological norms of interaction between all partners of the pharmaceutical market" [25].

Based on the foregoing, it can be concluded that in addition to the norms of industry legislation established at the legislative level, compliance in the field of organizing work within the company, interaction of employees both among themselves and with counterparties and partners allows organizing the company's work not only in accordance with current legislation but also in accordance with ethical norms and other rules allowing for transparent business conduct and developing a positive reputation among patients and counterparties.

In addition to the areas of activity indicated in this article where the implementation of a compliance system is necessary, pharmaceutical organizations may require compliance in other directions. For example, in procurement, in the field of tax or customs control, currency operations, etc.

As follows from all conclusions made in this article, the most optimal tools for building an effective compliance model in a pharmaceutical company will be:

  • Detailed analysis of the organization's main areas of activity;
  • Joint elaboration by the legal department and key personnel, involving specialized employees, of existing risks of the company violating legislative requirements;
  • Development of local legal acts regulating the activities of employees, including basic ethical principles of work in the organization;
  • Development of the company's anti-corruption policy;
  • Creation of a policy on personal data processing;
  • Development of a system of internal assurance of compliance with antitrust legislation requirements;
  • Creation of other documentation within the framework of compliance regulating the company's activities;
  • Development of procedures for familiarizing employees with the compliance system implemented in the organization.

____________________________

References

[1] Compliance in Entrepreneurial Activity: History of Formation, General Provisions, Problems of Formation in the Russian Federation. A.A. Filippovich // "Bulletin of the O.E. Kutafin University (MSAL)". No. 3/2018. 2018.

[2] History of Compliance in Russia. 28.12.2013. Category Theory of Compliance. Compliance Blog.

[3] Methodological Recommendations for the Development and Adoption of Measures by Organizations to Prevent and Combat Corruption. Document text provided according to publication on the Ministry of Labor of Russia website as of 19.12.2018.

[4] Compliance in the Pharmaceutical Sphere. Nizharadze I., Pronin S. // "Quality Management in Medicine". October. 2019.

[5] Compliance Check-list: Risk-Oriented Approach in Healthcare Sector Companies. Zayalova Daliya // "Pravo-300" 03.09.2016.

[6] Application of Compliance Control Tools for Optimization of Corporate Governance of Pharmaceutical Companies. Belyaev Yu.K. // "Izvestiya USUE" No. 1(45). 2013. P. 46.

[7] Clarification of FAS Russia dated 02.07.2021 No. 20 "On the System of Internal Assurance of Compliance with Antitrust Legislation Requirements".

[8] GOST R ISO 31000-2019 Risk Management. Principles and Guidelines.

[9] ISO 19600 Compliance Management Systems.

[10] Order of FAS Russia dated 27.11.2018 No. 1646/18 "On the System of Internal Assurance of Compliance with Antitrust Legislation Requirements in FAS Russia".

[11] The ICC Antitrust Compliance Toolkit.

[12] Recommendations of FAS Russia for the development and application of commercial policies by economic entities occupying a dominant position in medicinal product markets and medical device markets. 2016.

[13] Code of Good Practice in the Pharmaceutical Industry.

[14] Beigulenko S. A. Organization of Compliance Activities of Modern Pharmaceutical Corporations in Russia // Financial Research. 2016. No. 1 (50). P. 12—19.

[15] Ruling of the Constitutional Court of the Russian Federation dated 26.10.2021 No. 2335-O "On refusal to accept for consideration the complaint of Limited Liability Company 'Dental-Profi' regarding violation of its constitutional rights by provisions of a number of federal laws".

[16] Ruling of the Supreme Court dated 26.02.2019 in case No. A51-5205/2018.

[17] Ruling of the Moscow City Court dated 10.11.2016 in case No. 33-38783/2016.

[18] Recommendations for drafting the document defining the operator's policy regarding personal data processing, in the procedure established by Federal Law dated 27.07.2006 No. 152-FZ "On Personal Data". Roskomnadzor. 2017.

[19] Methodological Recommendations for the Development and Adoption of Measures by Organizations to Prevent and Combat Corruption. Document text provided according to publication on the Ministry of Labor of Russia website as of 19.12.2018.

[20] Measures to Prevent Corruption in Organizations. Document text provided according to publication on the Ministry of Labor of Russia website as of 19.09.2019.

[21] On the Formation of an Interdisciplinary Concept of Anti-Corruption Compliance in the Russian Federation. Yu.P. Garmaev, E.A. Ivanov, S.A. Markuntsov // "Law. Journal of the Higher School of Economics". 2020. No. 4. P. 106–128.

[22] Romanovskaya O.V. Features of Professional Activity of Medical Workers in the Russian Federation // Labor Law in Russia and Abroad. 2013. No. 3. P. 38 - 41.

[23] Code of Practice of the Association of International Pharmaceutical Manufacturers (AIPM).

[24] The Role of the Ethical Code of the Russian Pharmacist in the Labor Activity of a Provisioner and Pharmacist. Dmitrishak M.V. // "Healthcare of Yugra: Experience and Innovations". 2022. No. 3.

[25] Ethical Code of the Pharmaceutical Worker (Pharmacist) of the All-Russian Public Organization "League of Patient Advocates".

 

March 7, 2023

E-mail
info@brace-lf.com

Send us a request with a detailed description of the issue.

Our phone
+7 (495) 147-11-03

Contact us by phone.

Clients & Partners

65.png
68.png
69.png
73.png
75.png
fitera.jpg
imko.png
logo.png
Logo_RED_RGB_Rus.png
logo_SK_2.png
Яндекс.Метрика