Compliance Integrity and Company Morals

As a experienced former FDA regulator, I detected issues that manifested early in an inspection that many times are early indicators of where the inspection might be headed. The inspection can end with the following FDA classifications: NAI (No Action Indicated) or VAI (Voluntary Action Indicated), a classification that basically allows the firm to promise corrections without further regulatory action. The negative impacting classification, OAI (official Action Indicated) classification, is assigned when major deviations are noted. OAI has and an endorsement for regulatory action.

Those unofficial signs and human behavior that at times provide clues to the experienced investigator or auditor that are not stated in some FDA compliance program or federal code of regulation. These perceptions do not lend themselves directly to verification and validation and are not like the many other controls that must be reflected on the documentation. Regardless if they lack reference in the regulations or guides, they play a very important role in the outcomes of an inspection and endorsement of the findings. They influence the “confidence” the FDA will have on the firm on the ability to grant time and trust in the firm that the firm will correct those deviations and default to a more favorable approach to compliance.

I am talking about the “moral” compliance compass, the compliance integrity that is aligned with the company culture as perceived by the FDA investigators. Those basic characteristics that are demonstrated at all levels of the company, from the front line workers to top management. Those actions that demonstrate that all the employees are committed to doing the right thing in the interest of compliance, whether they are being monitored or not. As an investigator you are trained to see many things beyond the realm of the managers that surround you when conducting an inspection. When you observed all employees acting to further the goal moving the firm into compliance, you as a regulator see a high probability the firm will address any deviation you detect, not because the FDA detected it, but because it is the right thing to do. This firm wide demonstration of devotion to compliance instills confidence in the regulator that any deviation will be address, correct and hopefully prevented from occurring again. It is all those small steps towards the goal of compliance that drive the firm in the right direction that allow it to fall into compliance with greater easy. Yes there are those separate issues of general knowledge of the regulations, but corporate regulatory or statutory knowledge are easier to acquire, than the dedication to making the morally and by default the legally the “right” thing that involves compliance issues. You can always bring in those resources that have the technical and regulatory knowledge instilled by training; you cannot buy morals, and integrity for your staff. These issues are instilled by example of top management and the firm as a whole when the employees enter into the company culture. It is the culture where the employees grow and gain experience within the company.

Having the integrity ingrained in all employee, places the firm at an advantage to handle most deviations detected during the inspection quickly and effectively. Integrity has not been a subject of FDA inspections directly in inspection compliance programs until the last few years, when the subject of data integrity has become an inspection focus.

The FDA focused in the past few years on data integrity issues, not because they did not exist in prior years, but new training and approaches to inspections have allowed investigators to detected and document as evidence the shortcomings in integrity of the data.  Data integrity issues have been present for many years and the FDA knew about them, but did not address them as a routine compliance approach as they do now. Data integrity and general integrity issues require in depth investigations that go beyond the regulatory audit type inspections. They require incorporating the investigation into the deeper human interaction; you have very human differences in approach to doing it. The documentation of the production issues and the data are susceptible to human errors or intentional manipulation. These are the processes that are influenced by  the general moral markers associated with the culture of the company. When you as an investigator suspect that the numbers you see on a document are not representative of what actually happens you start to question deeper. Employees providing you with that documentation become suspects and you depend on your interviewing skills to detect that the statements and documents are not correct for some reason. The reason might lead to you suspecting intentional or non-intentional reason(s) but the results are the same, they are not a true to the facts. Next comes the investigation into why they have an alternate reason for not being true. 

You quickly focus on what you perceive is permitted, allowed, tolerated, accepted, frowned upon or those things that are clearly going to get you fired in the company. Data integrity is a complicated subject when you look at those things associated with intent and motive.

 To prove intent is difficult and most inspections do not have the luxury of time, so most default to general lack of integrity of the data due to things such as what is stated in the FDA guide “the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate.” without having to address intent issues if any documentation of data was intentional to deceive. Although in many of the inspections associated with failure of data integrity, evidence is discovered that the actions that contribute to lack of integrity in the data are sanctioned or ignored by management that had clear knowledge of the issues the follow up is limited to the 483. Intention or motive are not documented in the 483; the suspicious actions that contributed to the lack of the data integrity are mentioned in the Establishment Inspection Report (EIR), but not treated as direct observations from the individuals only referencing the documentation. After all, the 483 is the Notice of Observations and it is very difficult to observe intent.

This is one of the most important factors impacting the percentage of firms detected with significant data integrity issues located outside the United States verses those located in the United States. Many times the higher number of firms located outside the US with integrity issues is explained as factors associated with culture issues, but the reality is that jurisdiction and the ability to work a regulatory case into a criminal one, especially if the inspection is associated with high risk and harm.  The “long arm” of the federal law enforcement reaches at every corner of the territorial jurisdiction where a data represented as a true copy with intent can lead to providing federal investigators to title USC Title 18 charges. Foreign- based firms can be limited to import alerts and beyond, this it becomes more complicated to proceed with the investigation.   

The question remains did the company intent deviate from the general requirements of data integrity by design or were the problems caused by other factors? When you look into the issues of data integrity with intent you open the door to other federal charges that include title USC section18 providing false information, documented or verbally to a federal officer. The intent is very difficult and time consuming to investigate when captured in a routine FDA inspection so the agency defaults to the markers stated in the guide, opting to pursue a regulatory pathway. We should not ignore that in a domestic inspection; a regulatory pathway can easily migrate to a criminal one when the evidence of intentionally providing false documents or statements to a federal officer (FDA) is collected within the regulatory scope of the agency.  This is a great deterrent to the domestic firms when the subject of providing false statements or documents during the normal course of an inspection. This is different when the false statements or documents are provided intentionally in a foreign country; the entire process of a regulatory incident migrating to a criminal one is complicated, especially when the presence at the firm is basically reduced to an invitation of the local government and firm. The common option available to the FDA is to document and pursue for supporting an Import Alert, or warning Letter, which is different option from pursuing a criminal investigation. The FDA is present at the foreign firm basically under an invitation limiting its’ investigative reach to observing something at the firm to support the appearance of a violation to support an Import Alert. statements and documents.

The use of the word integrity is not common in print and in FDA regulations outside of the realm of data integrity, but in reality integrity is or should be present in everything a company does to comply with regulations because at the end it is where a company is going to deposit its’ trust that everyone that belongs there is going act on there own to contribute the firms’ meeting compliance without anyone ordering them to do so. In essence those principles referred to on the FDAs’ guide on data integrity apply to all functions of the firm to achieve compliance and reflect on the general integrity of the firm.  The FDA does not inspect the level of compliance integrity nor does it penalize you for not having it, but it does for the results of both.