Editor: John, what philosophy underpins sanofi-aventis' compliance program?
Spinnato: When I talk about compliance with anyone in our company or the broader business community, I tell them, "Good ethics and good business go hand in hand." Compliance is a core organizational value, not only because of its legal ramifications, but also because it makes commercial sense. It's good for business when a company's personnel have clear-cut guidelines, understand what behavior is expected of them and know that they work for an organization that stands behind its principles.
Editor: Why is Integrity Interactive's service a critical component of sanofi-aventis' compliance program?
Spinnato: It's no secret that the pharmaceutical industry today is under intense scrutiny from every angle - ranging from patient safety to patent matters to regulatory requirements to pricing. That means that it is of primary importance to have state-of-the-art compliance programs. Training is an absolutely critical component. The effectiveness of a compliance program can't be audited unless the standard of behavior has been defined and communicated.
About four years ago, we were looking for ways that we could improve our compliance training. After doing some research on who was providing web-based training in a comprehensive manner at the time, we identified three players. After interviewing all three, we selected Integrity Interactive because we felt that its programs were superb in terms of excellent content as well as user-friendly delivery. We also liked Integrity Interactive's people and found a connection between them and our personnel - not only in our legal department, but also with all of the groups who met with them. Over the years, it has proven to be a very good partnership.
Editor: What contributes to a good partnership?
Lauer: Listening to and interacting with the client are essential to understanding the client's needs. While every company needs compliance training, the most effective content and best delivery will differ from organization to organization. We ask our clients questions about what subjects need to be covered and how their employees like to learn and receive information. Only after we have identified the client's needs can we design an effective training program.
Spinnato: Good partnering requires that neither party presumes that it has the right answer for the other. Effective partners together find the right answer based on each party's capabilities.
Intensively collaborative, partnering requires involvement of critical functionality. For example, our human resources (HR) and information services (IS) specialists are critical players on our cross-functional compliance teams. Regulatory Affairs is another critically important functional area in reviewing and approving our compliance program. Cross-functionality in our core teams not only provides access to the expertise, but also to the authority, needed to move ahead and make decisions.
Editor: How does Integrity Interactive complement the in-house capabilities of sanofi-aventis?
Lauer: The common elements of our compliance training include use of a consistent technology platform for delivering the information. Because different means of communicating exist within different organizations, we tailor our common tools to the specific needs of the client organization.
A lot of the content in our courses is similar from client to client - antitrust law is antitrust law - but we customize a course for a client to make sure that it resonates most effectively with the employees of that particular client. For example, we would try to use examples of antitrust compliance failures within a client's particular industry, which would mean more to that client's employees than would examples drawn from a very different industry with which they are unfamiliar.
Several years ago, we realized that our clients understand very well their industry and their particular training needs. Few of them had the resources to focus on the ongoing developments in the area of corporate compliance and ethics programs, however, even though those developments might hold great significance for their compliance and training programs. We felt that we, as the compliance training "expert" in the relationship with each client, should devote our attention to that subject.
As a result, we created the Integrity Research Group, of which I am Director, as an added value to our clients without additional cost to them. We look at new court or regulatory decisions and try to provide our clients some insights into the implications that those developments might hold for them. The first white paper based on such analysis reviewed the 2004 changes to the Sentencing Guidelines for Organizational Defendants. In more recent months, we have reviewed the French agency decision vis--vis anonymous hotlines and the settlements by directors of WorldCom and Enron that entailed significant personal contributions by those directors to plaintiffs who suffered losses due to the bankruptcies of those companies.
Spinnato: Our IS department liaison with Compliance has been firm in her support of Integrity Interactive because she feels that it is an easy relationship, and our needs are almost always met. I think that Steve and everyone on his team are respectful of what we need to accomplish and what our limitations are as well.
Editor: Please give an example or two of the collaboration between your organizations.
Spinnato: Integrity Interactive's training modules, particularly on the pharmaceutical side, have been customized to highlight the matters of particular importance to our organization. This kind of flexibility is very important to us because, like every other company, we've had our own experiences. We greatly appreciate how Integrity Interactive goes to the limit to make sure that they are giving us what we need in our compliance training. The Integrity Interactive team has always displayed a willingness to change and update their training programs to reflect our company's perspective on judicial decisions, legislative mandates, regulatory climate and industry trends.
Lauer: We have worked with sanofi-aventis to determine not only the content of their courses, but also to determine which courses make the most sense for particular categories of its employees. For example, certain compliance training applies across the board. Anti-harassment courses are common examples. Other courses are targeted to "at-risk" concerns, meaning they are delivered to a more discrete group of employees. Antitrust is an example of a course designed for the sales staff, trade association representatives, and other personnel who have the greatest risk of encountering antitrust issues in their jobs.
Another example of our collaboration is the updating of compliance training courses based on sanofi-aventis' knowledge of the current issues in its industry, which its experts know much better than we could ever dream of knowing. When they bring an issue to our attention, we consider how we can most effectively adapt our training material. Collaboration based on sanofi-aventis' understanding of its industry and our understanding of the broader compliance picture works very well.
Editor: How do you see compliance programs evolving in the next few years?
Spinnato: I would need to repeat what I said at the beginning, which is that training is the foundation of an effective compliance program. We need to continually update the content of our training programs as well as to ensure that we have the right mix of web-based and live training. At the same time, we have to make sure that we aren't overburdening our employees with more training than is necessary. We can do this by making sure that compliance training addresses the issues that our personnel are likely to face on their jobs as those jobs, the industry and business evolve. I think the evolution of compliance training will continue to focus on the effectiveness of how the content and delivery are being targeted.
Lauer: As the legal and regulatory environment continues to mature, different aspects of compliance will take on greater focus beyond the current emphasis on identifying the appropriate content of a training program. For example, the Federal Sentencing Guidelines include consideration of the risk-assessment process. The types of questions being explored include: How is a compliance program designed and monitored? How is its effectiveness being tested? The monitoring and testing of compliance programs are two areas where we will see a lot of attention over the next few years.
Spinnato: I agree with Steve. Companies need to make sure that they have buttoned-down-tight audit programs. They have to have some means of verifying that their compliance training and hotlines are having a positive impact.
Lauer: That's really where the test will lie. How do you know that the education you're delivering to your employees is reaching them, and reaching them in an effective way? Are they receiving the message that you want them to receive?
A number of risk assessment issues have not yet been fully scoped out in the field. For example, I don't think there have been many tools developed to test the effectiveness of compliance training, but I see them coming very soon. I know it's an area on which Integrity Interactive has been focusing a lot of its attention.
Spinnato: I think that risk assessment is a component of compliance programs that most companies haven't spent a lot of time thinking about because everyone has been too busy dealing with the demands of getting decent compliance programs in place. When companies take the time to step back to develop underpinning philosophies and perform the risk assessments needed to measure whether their philosophies have been put into action, they can ensure the effectiveness of their compliance programs.
Lauer: I agree with John that a good risk assessment underlies both the initial design of a good program as well its ongoing maturation. Compliance programs ought not to be static. By assessing what does and doesn't work, compliance programs can be updated to the needs of an organization. Because organizations change over time - whether by way of internal growth, mergers or reorganization - and the legal and regulatory climate continually changes, a compliance program must be adaptable over the course of time. The degree of change requires a means of looking at the compliance program and making sure it's working as expected, maximizes what's being putting into it, and is really protecting your organization. That requires the ongoing analysis that's part of any good risk-assessment protocol.