Pharma and Healthcare Companies can Benefit from ISO 37001

When global pharmaceutical giant GlaxoSmithKline found itself in the Chinese government’s crosshairs for an alleged large-scale bribery scandal, there was perhaps little doubt that the consequences would be large-scale, as well. GSK was accused of systematically paying bribes and “gratuities” to doctors and hospitals in return for favourable product use and promotion. Pharma and Healthcare Companies ISO 37001 Benefits

China was in the midst of an emerging anti-graft campaign and imposed tough penalties against GSK and its executives: In the end, various company leaders were arrested and eventually given suspended prison sentences; GSK was fined $490 million; and the corporation published a statement of apology to the Chinese government and its citizens.

GSK’s fraud was arguably symptomatic of a widespread problem among pharmaceutical companies and healthcare providers (also called “life sciences” providers) with bribery and corruption in economies and healthcare markets around the world. Despite increased awareness of the problem and the application of sophisticated anti-fraud mechanisms, individual actors and agencies continue to defraud public and private health systems in the same ways exemplified by GSK in China.

Generally speaking, healthcare and pharma presents a target-rich environment for fraud. Quantitative data indicate that healthcare fraud has already risen starkly in recent years. The World Health Organisation (WHO) estimates that, where losses have been measured and the types of health expenditure have been covered, the average annual cost of fraud totals 7.29 per cent of healthcare budgets (Gee and Button, 2014). With rapidly ageing populations and the increased costs of providing long-term care, placing substantial pressure upon already overburdened health and social care sectors, healthcare spending will continue to increase worldwide. Unfortunately, this will also bring increased fraud schemes, as fraud perpetrators follow the money.

Bribery and corruption will continue to be a part of this upward trend in fraud. Certainly, not all cases are as broad and sweeping as GSK’s – in some cases, corruption occurs simply because the pharma or healthcare entity doesn’t have proper controls in place to uncover red flags. This also raises serious compliance issues in a landscape that has increasingly stringent regulations and enforcement measures to punish organisations that fail to implement proper anti-bribery and anti-corruption management procedures.

CRI Group investigates: Pharma corruption case included CFO

A major pharma company suspected bribery and corruption among some of its senior employees. The client’s corporate security department had received conflict of interest complaints that reportedly involved a range of employees, from sales personnel on up to the chief financial officer (CFO).

An outside investigation firm was called in launch a risk assessment of the company’s third-party relationships, which included several interviews with identified vendors and suppliers to help ascertain the engagement process and associated risks. This process uncovered the fact that the client had no policy or code of conduct concerning ethics, compliance and standards for appointment of vendors, suppliers and local agents. Most troubling was the fact that in most cases, senior management referred business opportunities to friends and family members.

Investigators found that one of the vendors, which was deeply engaged in procurements and the supply of services for the pharma company over the past five years, raised serious red flags. The vendor’s letterhead lacked a physical address, and the only contact information listed was a single cell phone number. It was clear this vendor warranted further investigation.

Investigators used site visits, background checks and interviews to determine that the suspicious vendor was not a company at all – but a single person. Not just any person, however – a public records check with a national database revealed that this individual, who was posing as a major vendor, was none other than the brother-in-law of the client company’s CFO. Worse still was the fact that this blatant fraud was being conducted right under the noses of procurement and finance professionals at this large and well-known pharma company.

The individual’s residence was being used as a warehouse to help facilitate the fraud. A comprehensive litigation records check found that he was previously convicted in federal court and spent three years in prison for the charges of selling counterfeit products, physician samples and expired medicines; further regulatory checks found that his pharmacist license had been cancelled.

A high fraud risk environment was created through the non-compliance of specific procurement rules, and a lack of integrity due diligence and proper risk management. Also, severe conflicts of interest were exposed, connected to high-level executive positions and benefiting those in positions of power.

The pharma company was exposed to highly unethical practices and could face regulatory and other government action. Furthermore, the company was at risk of civil and criminal investigations and liability, damage to its reputation, and loss in shareholder trust, all of which could adversely affect the company’s financial well-being.

A solution through ISO 37001:2016 ABMS

The case study above is not an outlier – such corruption cases are relatively common in such a broad and complex industry. The pharma company could have prevented the scandal altogether, however, had it proactively implemented a proper anti-bribery management system (ABMS). There is a solution that pharma and healthcare companies can implement to help prevent and detect bribery and corruption: the ISO 37001:2016 Anti-Bribery Management System standard. ISO 37001:2016 is designed to help global organisations implement an anti-bribery management system (ABMS), as the standard specifies a series of measures required by the organisation to prevent, detect and address bribery, and provides guidance relative to that implementation.

CRI Group’s ABAC Certification Services is fully accredited to offer independent ISO 37001:2016 certification to ensure that an organisation is in compliance with the standard, which is recognised and practised worldwide.  CRI Group’s auditors and analysts work with pharma and healthcare companies to develop measures that integrate with existing management processes and controls, and include:

  • Adopting an anti-bribery policy
  • Establishing buy-in and leadership from management
  • Training personnel in charge of overseeing compliance
  • Communicating the policy and program to all personnel and business associates
  • Providing bribery and corruption risk assessments
  • Conducting due diligence on projects, business associates and other third-party affiliations
  • Implementing financial and commercial controls
  • Developing reporting and investigation procedures

In the case study outlined above, having such an ABMS in place would have detected the red flags of bribery and corruption before the scandal was able to proliferate and cause so much damage to the company. Risk assessments, in particular, would have uncovered the lack of due diligence procedures and alerted organisation leaders to the trouble areas that were points of opportunities for the CFO and his brother-in-law. Also, having proper due diligence procedures in place to vet and uncover fraudulent third-parties would have detected the problem with this vendor from the outset.

Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO37001:2016 standard. During this time, any changes to processes and any new relationships with vendors and other third-party partners are carefully reviewed.

Long-lasting benefits of ISO 37001:2016 certification

ISO 37001 provides a strong framework for addressing and isolating risk factors, and the benefits of certification are far-reaching, impacting not just the primary organisation but also influencing contractors, clients, and raising the profile of the company as an ethical entity that is a good trading partner.

By achieving ISO 37001:2016 certification, a pharma or healthcare organisation will ensure that the organisation is implementing a viable anti-bribery management system utilising widely accepted controls and systems. It will also assure management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption. Today, companies cannot afford to be reactive to threats of bribery and corruption. By achieving ISO 37001 Anti-Bribery Management System certification today, an organisation will remain in compliance and better positioned to address risks head-on.


Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.