Blowing the whistle: tackling misconduct in the life sciences sector

A survey by the Internal Investigations Forum has highlighted vast differences in the quantity and quality of complaint reports globally and that companies need to nurture trust to improve internal relations. Here, Gary Giampetruzzi, Thomas Hauser and Jenny Pu provide an analysis of the results, including where there are areas for improvement and how pharmaceutical companies can use this information to refine their practices when it comes to misconduct.

Person with megaphone

HAVING CRITICAL insight that goes above and beyond the company’s intellectual property comes hand in hand for employees at any life sciences enterprise. As such, it is not uncommon for employees to see or hear about misconduct that the senior management team is completely unaware of. The highly pressurised and confidential nature of the pharmaceutical and medical technology industry means that the workplace culture may not be deemed as supportive of those who report misconduct – often for fear of being involved in an investigation. However, the knowledge employees hold is vitally important for the business’s overall success and there is a level of responsibility to share this information; otherwise, the company could face reputational damage, or worse, legal action if it is not shared. Fostering a culture where staff feel able to share information is therefore vital, as highlighted by guidance issued by the United States Department of Justice (US DOJ) last year.

In April 2019, the US DOJ published its second version of compliance guidance for life sciences and other companies, focusing on corporate reporting systems and internal investigations. The US DOJ advised that a “well-designed compliance programme” inherently means implementing processes for employees to confidentially and anonymously report any known breaches of conduct or company policy. The guidance further states that companies need to ensure there are “proactive measures” in place to encourage staff to report breaches, including protecting whistle blowers so there is no fear of repercussion.

The US DOJ also highlighted the need for investigations to be conducted by qualified independent, objective and correctly recorded. Investigations should identify the root causes of an alleged incident, as well as who was accountable, even when that implicates senior executives.

But where does this guidance leave companies and how should they act in light of it? A survey of leading medical technology and pharmaceutical companies, led by the Internal Investigations Forum, Navigant Consulting (a Guidehouse company) and Paul Hastings, was conducted to better understand investigation trends and cultivate best practice.

Areas for improvement

Companies need to start closing the gap between filed complaints and unreported incidents”

The results revealed vast regional differences in the quantity and quality of complaint reports and showed that companies generally need to nurture trust and develop internal relations. There will never be a one-size-fits-all approach, but there are areas for improvement. Companies need to start closing the gap between filed complaints and unreported incidents, which will in turn foster a stronger internal process for investigations.

The survey shows that all participants take misconduct and compliance seriously. All companies had a standard operating procedure (SOP) in place, clearly dictating what issues need to be reported, and most respondents had guidelines in place indicating how an investigation should be handled.

For the most part, those surveyed had pre‑determined criteria for deciding which claims to examine. Some, however, relied on human intervention to decide on more complex issues. This naturally brings subjectivity into the process, but it means that potential leads are not dismissed too early. Finding the balance between vehemently relying on standard criteria and utilising human screening is therefore key.

The results showed that over two thirds (69 percent) of reports were investigated. Of these, nearly half (46 percent) were substantiated. It is important to note that the disregarded claims were not necessarily unfounded, but that compliance teams had insufficient evidence to warrant a full investigation. This raises some important questions: could more be done to ensure all claims reported are tackled in the right way and, perhaps more worryingly, are the critical underlying issues being covered up or not reported due to fear of reprisals?

To address this, companies should be allocating appropriate resources for compliance efforts. Dedicated HR teams responsible for employee relations and assistance are essential to provide staff with tailored training, which should cover what ought to be reported and why, how to make a complaint and what to expect in the aftermath, including the limits of confidentiality.

Collaboration and the top down approach

In most companies, the legal or compliance department will handle misconduct reports. While these departments tend to lead the inquiry, they typically require help from other business areas that the case relates to. Depending on the issue at hand, the resolution could involve multiple departments, regional and local management and human resources. This complexity is shown by the length of time it takes to resolve a report – between 30 and 180 days.

People discussing topicWhilst 90 percent of respondents said they had provided training to employees, including sessions on corporate laws, finance and internal audits, employment law and case management, none provided training to help teams operate and work together towards a common goal. This lack of consistency can result in miscommunication, policy breaches and consolidation amongst employees that the legal and compliance teams should be avoiding.

Companies need to help executives and managers understand how investigations work and how they will be supported by creating an open dialogue to promote compliance and support whistle blowers. It is vital that this training takes into consideration the handling of complex behaviour that influences whether employees report violations or not. This will help create a ‘speak up’ culture.

It is not only about encouraging staff to feel comfortable reporting potential issues. Managers at board level should lead by example and be held accountable. This requires managers to demonstrate that raising concerns is welcomed and ensuring both direct and indirect line reports feel comfortable approaching them and asking questions. There is also a time and place for keeping employee confidences and making a judgement on whether an issue needs escalating.

Showing a willingness to co-operate with misconduct investigations and trying to understand how an incident happened encourages employees to engage with issues, whilst simultaneously helping to prevent similar problems arising.

The cultural gap

Implementing these processes can become complicated in large multinational corporations, particularly where various regions have entirely different cultures, and businesses must understand how to bridge this. The survey results highlighted huge gaps in reporting trends in different regions, including who reports issues, how often and how many claims are investigated and subsequently substantiated. For example, North American employees are far more likely to raise concerns than those in Russia or the Middle East. APAC countries have a much lower number of reports, but a much higher percentage of them are substantiated.

Repercussion incidents not only demoralise individuals in the workplace but can also damage the business to its core”

Not only do these results suggest a disparity in culture between outspoken and reticent behaviour, they also suggest a variation in the level of legal protection for whistle blowers. The latter is proven by the strong protection in the US and Canada where reported claims are highest, followed by the EU which is aiming to introduce a similar directive. Most countries do not have such in-built laws and subsequently we observed a drop in the number of staff willing to raise concerns.

Fear of retaliation

Whilst regional differences are apparent, reporting culture needs improvement everywhere. Fear of retaliation continues to be a prominent problem and, in turn, individuals that are part of a culture of reprisal are reluctant to report misconduct. Retaliation can come in many forms depending on the position of the staff involved; it ranges from threats and public shaming to reputational damage, demotion or even job loss. Repercussion incidents not only demoralise individuals in the workplace but can also damage the business to its core.

For example, the widely publicised case of Theranos demonstrated a culture of secrecy whereby employees who dared to speak up were marginalised, forced out of their jobs or threatened with litigation. Tyler Shultz, a former Theranos employee who blew the whistle on the whole operation, encouraged businesses to build a culture where staff can disagree and be taken seriously.

To ensure this happens, employers should be encouraged to:

  • Listen to all employees before expecting them to speak up
  • Take all reports of retaliation seriously and put measures for reporting it in place
  • Include specific examples of retaliation in the anti-retaliation policy that managers and supervisors may not have otherwise realised were legally actionable
  • Provide regular training to management of all levels and senior leadership
  • Demonstrate successful reports of misconduct.

Committing to compliance

There is a lot that companies can do when it comes to compliance. Implementing channels that staff can use to report incidents anonymously will help to increase the number of claims, and implementing strict anti-retaliation policies makes whistle blowers feel protected*. For example, when an employee files a misconduct complaint, the job of that employee is protected for six months following resolution of the complaint.

Training managers with leadership skills to foster integrity in their teams is vital. Understanding how and why an employee might not want to report an issue is necessary if they want to mitigate the risk.

No-one can change a corporate culture overnight, but leaders and employees across all regions and business functions need to understand the implications for themselves and the company as a whole if a serious compliance breach occurs. When the board leads from the top and the appropriate measures are put in place from middle management to protect staff, businesses can start to foster a truly forthcoming and accountable culture. 

*Protected means if any disciplinary actions need to be taken in the six months after an employee files a misconduct compliant, the investigator and/or the compliance officer in charge of the investigation needs to be contacted and will ensure this disciplinary action is not in retaliation.


About the authors

Gary GiampetruzziGary Giampetruzzi is a partner in the Litigation Department at Paul Hastings and Global Chair of the Life Sciences Department and Vice Chair of the Investigations and White Collar Department. Prior to joining Paul Hastings, Gary served as Vice President, Assistant General Counsel and Head of Government Investigations at Pfizer Inc., with responsibility for government investigations across the company’s multiple business units and operations globally.

Jenny PuJenny Pu is a managing consultant at Navigant Consulting, a subsidiary of Guidehouse. Jenny is experienced in forensic accounting, financial investigations, anti-money laundering, anti-bribery and corruption and regulatory compliance projects, having worked across Asia Pacific, Africa, China, Europe and the UK over the last decade.

Thomas HauserThomas Hauser is the European practice leader for the Life Sciences Governance, Risk Management and Compliance practice at Guidehouse. He has more than 25 years of operational business experience in management roles as CEO and in operational compliance and consulting, providing him with significant international experience in medical device and pharmaceutical companies; focusing on the US, Europe, Russia/ CIS, Middle East and China.