Outsourcing, supply chain and data management risks demand holistic enterprise risk management. By Luigi Koch, Head of Life Science in Europe at JLT Specialty.
With companies in Europe and the US under increasing pressure to reduce costs and boost shareholder values, M&A activity has surged in the life science sector in recent months.
Whether buying a high-value niche product line or divesting assets, M&A presents both opportunities and challenges, from cyber risk to supply chain disruption and the risks associated with third-party outsourcing.
As companies across the life science sector buy, sell and amalgamate operations, ripples are felt throughout the supply chain.
Yet such is the pace of change that many companies may not even be aware that their tier-two or tier-three suppliers have been replaced.
Cyber risk in supply chains
Cyber risk is also a key consideration, as a cyber attack within the supply chain could potentially bring business grinding to a halt.
Meanwhile, outsourcing clinical trials and drug production to contract research organisations (CROs) and manufacturers is on the rise. Outsourcing this complex, costly and time-consuming process to external companies demands a significant due diligence effort, particularly when entering new jurisdictions.
In the current environment, Western life science companies are particularly keen to partner with firms in the Asia-Pacific region where they can access resources, capabilities and speed at low prices – diagnostic tests and procedures, for example, cost on average 25 to 40 per cent lower in Asia than in Europe.
Working with suppliers in emerging markets could increase supply chain vulnerability owing to the heightened risk of power outages, trade sanctions, infrastructure failures and other perils, demanding ongoing monitoring.
It is therefore essential that risk managers conduct regular assessments of their supply chain exposures and suppliers’ cyber resilience to mitigate risk and ensure they obtain adequate levels of insurance coverage from their underwriters.
Holistic, data-driven approach
In response to the increasing globalisation and complexity of the life sciences industry, regulatory reforms from health authorities such as the European Medicine Agency have brought compliance, safety and intellectual property (IP) considerations to the fore.
With a heightened focus on regulatory responsibility and product quality, it is vital life science companies employ consultants, lawyers and technical experts with the right experience to tackle these risks.
An increasing number of firms are engaging tech companies to run loss scenario tests to assess the potential impact certain exposures could have on their businesses.
It is also possible to model supply chain risk across a firm’s network, mapping critical supply points and quantifying exposures on a product-by-product or location basis in real time.
Importance of data
Data analytics can be critical from a business perspective too, helping companies comply with regulations, better understand their target patient populations and develop products. However, risk managers must know where the data comes from, who owns it and how it should be harnessed, as poor data analysis can be counterproductive.
As well as ensuring data integrity, life science companies must, of course, continue to keep patient data privacy risk top of mind as their use of data analytics grows.
The implementation of GDPR means boards are now accountable, and compliance starts from the top.
Boards must ensure they establish thorough procedures, actively manage contracts and improve the privacy awareness of staff throughout their organisations.
Indeed, facing an array of risks, life science companies increasingly need to embrace a holistic enterprise risk management approach. In order to do this well, this must be led by the C-suite.
For more information, please contact Luigi Koch, Head of Life Science in Europe at JLT Specialty on +41 79 850 22 78