Twenty years into a broad-based healthcare legal career, later with an emphasis on compliance, Christine Zettlemoyer took a yearlong sabbatical to spend time with family. She’d built an extensive résumé at Merck as a reliable legal business partner with increasing responsibilities and an ever-expanding scope, including a stint as Merck’s first general counsel to its fledgling global vaccines business, before retiring as head of global compliance oversight, monitoring and audit for the pharmaceutical company.
Zettlemoyer’s expertise in managing government investigations and corporate integrity agreements, in addition to building out a global compliance program, made her a perfect fit for the new compliance role at CSL Behring when she returned to the workforce. “I walked into this role knowing that it would be very important that we custom fit the compliance program here to CSL’s unique business, products, and people,” Zettlemoyer says. “That’s exactly what we’ve done since I’ve been here.”
Since joining CSL in 2013, Zettlemoyer has, in collaboration with her colleagues, successfully enabled CSL’s compliance program refinement starting in North and South America and then extending out to the rest of the world. In recognition that business collaboration would be key to business ownership and accountability for compliance, most compliance program elements were designed and implemented through joint compliance efforts with the affected business teams.
Zettlemoyer came to CSL with a clear understanding of the challenge ahead. Although the existing compliance program had taken positive steps around policies, employee compliance training, and hotline support, like many pharmaceutical companies, the compliance function was competing for resources in a cost-conscious company with a strong focus on efficient operations. What may have seemed like a daunting compliance challenge for many was the opposite for Zettlemoyer. “I think that because of my previous Merck experience, I looked forward to the challenge,” she says. “I was actually excited at the prospect of applying all I’d learned previously about what works—and what doesn’t—in support of CSL’s unique journey toward establishing a robust global compliance program.”
Early compliance risk assessments, both for North America and international markets, were invaluable in identifying and prioritizing both known and unknown risks. These assessments also helped frame priority resourcing and remediation plans for the company. “In the first year or two, there was a significant focus on our US compliance program in light of the continued growth of CSL’s business here as well as heightened US pharmaceutical compliance and enforcement risks, both civil and criminal,” Zettlemoyer says. “We spent time partnering with the organization at all levels, really focused on setting up solid policies and procedures, improved training, and developing processes and tools custom fit to the way CSL operates.”
Zettlemoyer says CSL purposefully didn’t take a traditional big pharma approach to any elements of the compliance program. The goal was to instead go lean and set aggressive but achievable targets, with a heavy focus on priority risk areas. “We were able to step back and take a more strategic approach and be successful in part because we were able to capitalize on CSL’s strong values and management’s dedication to doing the right thing,” she says. “We’ve had a strong, well-articulated Code of Responsible Business Practice for some time now, with integrity representing a core value here at CSL.”
Tapping into CSL’s resulting company-wide compliance IQ has served the company well on multiple fronts. “Over time, I have definitely observed the fruit of our compliance endeavors,” she says. “Employees here have greater confidence today in approaching their own responsibilities with a compliance mind-set and engaged employees are CSL’s greatest asset,” Zettlemoyer says.
CSL’s overarching business integrity function also includes significant data protection endeavors, managed primarily from Europe. The data protection function is currently focused on meeting the new regulatory bar set by the recently passed European Union General Data Protection Regulation (GDPR) that went into effect in May. “The GDPR distilled the need for every company in our industry to rethink how we manage personal data across our businesses to ensure readiness in advance of the GDPR go-live date this year,” Zettlemoyer says. “I suspect, as many do, that GDPR is the first of several new data privacy regulations that challenge businesses to prioritize data privacy by design as we develop new business practices, systems and processes into the future.”
The next phase of CSL’s compliance plan will further establish and refine its global and regional program structure around the globe to accommodate the company’s growing business needs. “Securing quality talent to efficiently staff our function is essential to assuring that we understand and can stay in tune with the business’s most important needs on an ongoing basis,” Zettlemoyer says. With the build-out of CSL’s compliance infrastructure now well underway, the organization expects to more effectively engage the business at all levels globally.
When gauging success, Zettlemoyer returns to the support she’s received from senior management at CSL and the open dialogue she believes lies at the core of company values. “The quality of that dialogue speaks volumes in terms of how effective and embedded our compliance program is becoming,” Zettlemoyer says. With two major compliance challenges under her belt, Zettlemoyer might be posed to write the book on compliance, but according to her, there is only one critical chapter that needs to be written on the subject. “You can’t impose compliance on an organization; it needs to be part of the fabric or DNA of the company.”