Thursday, June 4, 2020

GETTING TO KNOW REMOTE WORK


In dealing with a pandemic, one of the best choices that we have to contain the spread of COVID-19 is to work remotely. It has been almost 2 months since the lockdown in Luzon, which has kept most of us at home working remotely. Let us therefore examine how to work at home and be productive and successful at the same time. We can also examine the best tools for working from home and how to have successful remote meetings and project management, which are part of our work as regulatory affairs officers. So how do we define remote work? Remote work is the same work as we have in the office; it is something we do, not somewhere we go. Work is still work. We still communicate with FDA-CDRRHR, process licensing requests and update the company stakeholders on important regulatory developments on medical devices, especially in the midst of COVID-19 where PPEs and COVID kits are in great demand throughout the country. Working remotely has been done in many settings (managed care, customer service, etc.), especially in the United States, and observations from this work arrangement include more productive personnel and more savings for the right person working from home. Working at home gives the employee more time to focus on his priorities while doing the work at the same time. For example, instead of commuting to work, he may use the commute time to take care of his health by exercising. Also, working at home can allow somebody to spend less on food and eat healthily by eating home-cooked meals. Before enjoying the perks, though, one needs to understand the basics of working from home or remotely. For example, it is vital to have internet, a phone and a computer. One may also invest in a stand-alone monitor, keyboard, mouse and headphones with a microphone; a comfortable desk and chair and good lighting at the working space may also be necessary.
Working remotely also makes one choose where to work, in these COVID times we can choose which spot in our house but really in a COVID “less” norm of working remotely, we have a lot to choose from like coffee shop, co-working space and other comfortable places. So if one works remotely, consider also the need to have portable materials for transfer from one spot to the other like the gears that should fit in a back pack. There are also vital things to carry, most importantly - a laptop (always ensure that the laptop is fully charged), power supply and over-the-ear headphones (to eliminate background noise that may be distracting). On top of these gears, one is also never alone! There is an online community at https://workfrom.co. One can also get some deliveries and services done through www.yelp.com from food to repairs. So work at home need not be lonely, can be challenging though but with the right information, it could be a good set-up for the right person. Remember though that working remotely is not existing because of COVID 19, it has been there for a very long time, even in the Philippines and maybe this pandemic is just an opportunity for us to rethink our working style and possibly explore other working opportunities. In a remote working arrangement, it is not only confined to  a home, there are also working spaces that may be used for the employee and for other workers to build a community where one may be able to use printing services, conference rooms and even meet physically with a client which is better than meeting them in the home office. There are websites to check on co-working spaces some of these are: https://www.wework.com and https://impacthub.net. In Metro Manila, there are co-working spaces like Launchpad Coworking which is nearest to FDA, an hourly pass would cost around 200 PHP for 3 hours, 500 PHP for whole day and around 4000 PHP for the entire month. Of course, there are too many in the Manila and BGC area. 
Always remember though that working remotely is a privilege so it also comes with extra logistics like you may also have to seek deliveries to get done through Lalamove from time to time. Working remotely when done in a disciplined manner can be very productive, enjoyable and fulfilling.

Starting to work from home
    When one is new to working from home, there will be adjustment periods that he will be going through but there are certainly tips that we can make use of to make the transition less stressful. One is, it would be nice to clarify on the company’s remote work guidelines like the working hours or if there are days that the employee would need to report to the office, this is important because this needs to be adjusted with personal priorities like exercise or household chore times. Second is to ask the boss about the best way to communicate as well as the other stakeholders. Third is to know ahead of time the scheduled and regular meetings so as not to miss them and be prepared. Fourth is to have a buddy that is not the boss, somebody that may be asked on the submission schedules, remind mutually on daily tasks and other things that the boss shouldn’t be bugged about. Finally, it has been suggested that the best way to start the day on working remotely is to start it by listing the things needed to be accomplished for the day and it does work for many people.
     Speaking of the boss, it is also important to set expectations, like the preferred form of communication: email, chat, phone, etc. Being open to this is usually seen as a form of gratitude, and if the boss does not open up, at least he was asked and the employee did give an idea of how he communicates; mutual understanding creates a very helpful and productive environment. One may also ask his manager about office hours, meetings, milestones and feedback, because this builds a foundation for great communication, and these frequent check-ins will keep the remote worker on track. Keeping a good relationship online is as vital as in the office setting, so if there are times when one feels that he might have offended someone or that someone is being offensive, he should always remember to give the benefit of the doubt and reach out. Reaching out will get one to know people at a personal level, which would turn offense into a fruitful working relationship.

Productivity when working at home
    In order to work productively, efforts must be directed toward a clear goal. It is therefore important to set goals. To do this, first, there is a need to determine who are the stakeholders so that one can get to know them and therefore get to know what and how they want to get the work done, this also facilitates easy and direct communication. Second, it is equally important as well to get to know the team members in a project for the same reason, so far, this might sound like an overkill in communicating but clear communication lines are fundamental. Third is to determine how to track goals, working remotely also means that there is less liberty to tap people like in an office setting, this tracking is important so as to avoid unnecessary delay in work as well as avoid frequent unproductive online meetings.
   One of the advantages of working at home is that one gets to avoid the usual office distractions like gossip, unnecessary meetings and noisy officemates, but note that working from home also has distractions. These include the following, among many others: noisy roommates or family, people doing construction work, barking dogs, the ambient noise in a coffee shop, and even small errands, which may be distracting when done frequently. The thing though with remote work is – You have the power to control the unproductivity! To do this, one can be regular with his remote working schedule, set boundaries with people when working, get coffee when a little tired (remember the courtesy to buy something every 2 hours when in a coffee shop though), take frequent small breaks and walk or do jumping jacks at home (no one will judge you!). In short, you can manage effectively and have (many) opportunities to prove to your boss that you are trustworthy! We sometimes fear that our work creeps into our home/family life, but if we can manage and separate them effectively there is real beauty in working remotely. Managing this includes responding to chat and emails (especially if they can wait) within working hours. Another thing that may be helpful is to have some mental transition equivalent to going home from work as the shift ends; this could be in the form of turning off the laptop or taking a 5-minute stroll to condition oneself and one's mental state that “you are home and not working!” These set the boundaries between work and home and may be challenging at first.

Tools for Remote Work
     Are we now interested in working remotely? https://remote.com provides information about working from home from answers to queries to job hunting, this site should be the first tool to check! There are many tools that can be used for remote work. First is the instant messenger which is used for quick back and forth communication. Second is the phone but it is suggested that it should be used in a sort of “scheduled” way as the phone enables the worker to lose focus when it rings. Third is email which is used for short threads and for things that are not urgent. Fourth, is screen sharing which is usually part of our fifth that is video conferencing. Video conferencing is vital, this is where discussion on important matters from a group of people is conducted that is hard to do in chat and in other media (like how we do it in PAMDRAP for couple of times now!). There are many websites that cater to video conferencing, including: google hangouts (https://hangouts.google.com), zoom (https://zoom.us), blue jeans (https://www.bluejeans.com), joinme (https://join.me), and skype (https://skype.com). There are also video conferencing websites for larger groups like gotomeeting (https://www.gotomeeting.com), one may explore which is right for the situation and the organization.
    Working remotely can also be done with an office feel to simulate the office environment; this may be done through a couple of applications, including sococo (https://sococo.com), and a Facebook-like social media platform for office use is also available in yammer (https://www.yammer.com). Collaboration in a remote working environment is also made easy through cloud-based sharing like Box, Dropbox, Microsoft 365 and Google drive. There are also project management tools that allow real-time updates and avoid unnecessary meetings, like Trello, Basecamp, Asana, and Pivotal Tracker, which may serve as the minutes of the meeting if the remote workers want them to. These tools can be used asynchronously (not in real time) for work that is not time sensitive, for status updates and for questions about ongoing projects, while the video conferencing solutions discussed previously are for synchronous collaboration (in real time) for urgent matters, brainstorming solutions and, of course, facetime with members. There are many tools available online, but it is important to find the right tool for the right job (like planning when to do phone meetings against cold calling). Most importantly, one may find out how these tools can be customized to one's needs to make remote working much easier.

Successful project management
   Managing a project has always been a part of the life of a Regulatory professional but how can one do this remotely? Project management also means interacting with stake holders constantly so it also calls for successful facilitation of remote meetings. To do this, learn the style of the stakeholders, do they prefer a weekly call or a one-on-one meeting? Also, determine the availability of the team, there are online tools to do this like Doodle (https://doodle.com) and Calendly (https://calendly.com). Best practices in successful remote meetings include sending the agenda at least an hour before the meeting and making the joiners feel comfortable by initiating with a greeting as the moderator and one may chat about life prior to the meeting to make everybody feel comfortable first as a form of a warm-up before the agenda. Note also that topics for one on one must not be discussed in a group meeting to avoid wasting other attendees time.
     To manage projects effectively, everybody must be transparent about task and deadlines and all involved must have access to shared files. First, get approval from your manager for monetary and opportunity costs. Second, the entire project must be broken down into tasks and assigned to each member of the team when applicable. Third, focus on the scope and thrust of the project so the steps are guided and the actions remain relevant. Fourth, always check from time to time to ensure that the project still makes business sense. Lastly, measure the success and debrief how the project went. Make the most of each project and treat it as a learning opportunity including all conflicts that may arise must be embraced positively to make it fruitful amidst diversity. Embrace healthy conflict to get to the goals! Conflicts may be respectful and productive but it may be avoided by watching the tone of emails and chat messages (always give the benefit of the doubt when confronted with a harsh tone), ask questions for understandings, do not make assumptions and spell it for everybody to help make a comfortable culture.
   Working from home for sometime will also make one examine his career goals and know that working from home also leads to a career path if one is wise. To succeed, make sure that there is visibility of the person and of his work, learn to share the work done with the stakeholders, be clear about professional goals set, have frequent checks in performance to stay on track, improve the workflows and procedures and one must be competent at working independently. Most importantly, track accomplishments! It is good to highlight it in the annual review to keep the organization reminded of the contributions like the number of registrations finished and the short lead time involved in this work with CDRRHR prior to registration release. Always remember though not to brag, because people can feel it (even remotely) when one is not sincere.

Wrapping it up
  Working remotely doesn’t mean that one has to be alone most of the time, there is also an opportunity to build a culture like the ones that maybe found in the office. Dressing for an occasion, sharing photos and pizza party can still be done in a remote environment taking into consideration the time zones if other teams are abroad and other distance considerations. Culture evolves daily and it is amazing that one can be a part of building the company culture even at a remote setting. A good remote culture that we may want to consider generally builds trust by leading through example, do not micromanage (it is very hard to do this in a remote setting). To build transparency, one must provide access and updates to projects and to build openness, one must be vulnerable in meetings and know when to ask for help. A regulatory officer is often alone in a company so a support group from a good culture is needed.
   A good message to take home is that a remote working environment is a good set-up for the right person. It enables one to have more time to take tea breaks, exercise, get sunlight, eat healthier (and cheaper), it also gives a good investment in self love by taking care more of ones-self, working independently and having more options to do what makes sense to the employee. Visit https://www.flexjobs.com for online opportunities that maybe available if you want to try working remotely, there are quite a few regulatory jobs there.  This article is mostly based from the presentation of Mike Gutman at LinkedIn course entitled Working Remotely.



BASICS OF DATA PROTECTION & PRIVACY


In the very dynamic and document-loaded environment of a Regulatory affairs officer, it is crucial to have at least some knowledge of Data protection and privacy. Data protection (or information privacy) is the protection of the processing of individuals' personal data, including the prevention of data loss and corruption. It is also considered a safeguard on the processing of individuals' information, including keeping it current in a dynamic environment, and it is everybody’s responsibility in a company, including Regulatory affairs.
Data privacy covers Personally Identifiable Information (PII). These are data that can be linked to a specific individual and, in the wrong hands, could be used for illegal purposes such as stealing an identity for theft. Protecting PII is therefore the heart of data protection, especially the data considered “sensitive PII”, which include: home address, bank account numbers, birthdate, phone number, health data and financial data. Protecting PII is complicated, though; even with protocols in place there will always be risks involved, so it is important to remember PII as an asset, a responsibility and a liability.
Understanding Data protection and privacy also means understanding what Data controllers and Data subjects are. Data controllers are those who are specifically responsible for processing personal information, like an insurance provider, the CDRRHR and a local bank branch; a company is a data controller for both customers and employees. Data subjects are the individuals linked to the PII in the data; examples are credit card holders and hospital patients. The Data controllers then process the information, and there is a generic way in which data are processed. First is collection of data; an example of this is when the FDA collects our personal information and documents as the designated Regulatory affairs officer for the company. Second is use; confirmation of identity is an example of use, like when FDA verifies with the Professional Regulations Commission (PRC) the details of the professional license of the Pharmacist. Third is disclosure; an example of this is when our company discloses our data to our health insurance providers as part of health benefits. Fourth is maintenance; this is when Human resources maintains and updates copies of our credentials as employees, which may be in a paper file or a digital file. Fifth is disposal; when old documents containing PII need to be shredded, they have to be disposed of responsibly, observing security precautions.

Best Practices in Data Privacy & Protection
       In Data privacy and protection, there are best practices that will guide us on how to keep data safe. First is to be open on how data are being collected, there should be openness. Second is the limitation in collection, collection should only be made in the knowledge or consent of the data subject; there must be restrictions and collection must be done in a legal method only. Third is to specify the purpose and limits, information not needed should not be asked in the first place. Fourth is access and correction, if the data collected from the subject is wrong, a correction must be made as soon as possible. Fifth is data quality, this is where keeping relevant data that is accurate, complete and current are observed. Sixth is security practices where PII are safeguarded with measures appropriate to the risk. Last is accountability which ensures compliance to the law.
     A Privacy notice is usually used by a company to communicate to customers, it is part of privacy policy. A published Privacy notice is a commitment to protecting PII and allows customers to opt out on certain data processing activities if he feels against it and therefore demonstrates transparency. This is a good starting point for learning how to conduct business with other organizations.

General Data Protection Regulation (GDPR) of the European Union
      The GDPR is a concept broader than PII in the US. This is a law in Europe in which failure to comply may lead to mega fines of up to 4% of global revenue of the company or 20 million pounds whichever is greater. This law was enacted to have international consistency which should be crucial and clear in a digital economy. This also enforces stricter regulations and penalties which also means a broader scope that covers companies in EU and those companies outside EU but doing business with EU. Also, processors are covered in this law, these are companies processing data on behalf of another company. Some of the companies held by Regulatory affairs professionals at PAMDRAP are actually covered by GDPR.
      A Data protection officer is a specialist on Data protection compliance and the point person for all data breaches in the company, and is required by the GDPR. The Data protection officer helps the Data subject with his rights, which are now widened. The strengthened rights of the individual are as follows: First, as a data subject, one can now find out how to access his data. Second, how his data is used. Third, how to object to certain types of processing. Fourth, how to request erasure; and the fifth, which is unique to the GDPR, is the right to restriction of data processing.
    The GDPR comes with the EU-US privacy shield, this imposes a stronger obligation to US companies to protect European personal data and replaces the previous Safe harbor agreement. This requires the US to monitor and enforce more robust measures and cooperate with EU data protection authorities. The stricter regulations mean that a Regulatory officer must be guided by the Legal and compliance team and seek guidance when unsure because it is really better safe than sorry.

Health Insurance Portability & Accountability Act (HIPAA) of the United States
       The HIPAA is enforced by the US government under the Department of Health and Human Services unlike the GDPR which is from EU.   HIPAA is the baseline privacy and security standards for medical information, it does not apply though to all health information and to every person who may see or use health information.  There are 3 types of covered entities under HIPAA, these are Health providers, Health plans and Health clearing houses. Health providers are the doctors, dentist, hospitals, nursing homes, and pharmacies but only if they transmit health information electronically in connections to covered transactions, most of these providers though are covered with HIPAA. Health plans are those who pay for the cost of medical care, this includes private health insurance companies, employer sponsored group health plans and government funded health plans like Medicare and Medicaid. Health clearing houses are those that process health information so it may be transmitted in a standardized format among covered entities.  These clearing houses act as a go-between for healthcare providers and health plans so they don’t deal directly with patients that much but note that they are still covered.
       There are other entities as well where HIPAA applies; these are Business associates, Subcontractors and Hybrid entities. Business associates are those that perform various functions for a company, like legal, customer service, clinical research organizations (very common in the Philippines) and billing. Subcontractors are those that create, maintain and transmit protected health information (PHI) on behalf of a Business associate and therefore have the same legal responsibilities as a Business associate, like workers hired by Business associates to shred company documents. Lastly, Hybrid entities are those that perform HIPAA covered and uncovered functions as part of their business; an example of this is an in-store pharmacy (like Watson’s in the Philippines) located in a supermarket.
     As discussed, there are parties who need not comply with HIPAA, these are life insurance, automobile insurance plans, gym and fitness club, most schools and most law enforcement agencies. The health information covered by HIPAA includes any information that is created or received by a healthcare provider, health plan, public health authority, employer, life insurance company, genetic information, school or university or healthcare clearing houses. It should be noted that this information covers any form or medium including paper, electronic and oral information. The information must also relate to a person’s past, present, or future; physical or mental health or condition; the treatment provided to a person or the past, present or future payment for healthcare an individual receives.
     In HIPAA there is identifiable health information; this is the health information that identifies or can be used to identify a person, like name, address, date of birth and SSN, and HIPAA covers these. The HIPAA privacy rule on PHI also covers conversations, which have the same data protection as written forms. However, the HIPAA security rule requires covered entities to establish data security measures only for PHI that is maintained in an electronic format, called Electronic protected health information (ePHI). HIPAA doesn’t apply to employment records, even if they include medical information, but if an employee becomes ill and therefore turns into a patient, it applies. Also not covered by HIPAA are records under the Family Educational Rights and Privacy Act (FERPA), like a child's elementary records with school nurse visits, and the records of those who have been dead for 50 years or more. Protecting data is the business of everybody, including Regulatory affairs, and in cases of breach one needs to contact the management, legal compliance, privacy officers or IT.

Republic Act 10173 or The Data Privacy Act (DPA) of 2012 of the Philippines
       The Philippines is one of the top users of the web around the world; it is therefore appropriate that the country should have measures in place to protect the data of Filipinos. The Philippines is also trying to comply with ASEAN 2020 and to help the Business Process Outsource (BPO) industry that is providing so many jobs to Filipinos, therefore the FDPA of 2012. The law covers institutions involved in the processing of personal data located in the Philippines; if the act or practice involves personal data of a Philippine citizen or Philippine resident; if the act, practice or processing of personal data is done by an entity that links to the Philippines and if the processing of personal data is done in the Philippines. The processing activities covered involve: collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure and destruction of data.
       Data protection is new in the Philippines; in fact the rule-making body, the National Privacy Commission (NPC), was only established in 2016. The NPC serves as the advisory body on all matters about data protection, and it also launches initiatives for public education on data protection, fair information rights and responsibilities. The NPC is also involved in compliance and monitoring, where it is tasked to manage registration of personal data processing systems. Lastly, the NPC is also involved in complaints, investigations and enforcement of data privacy related matters. Registration of data processing systems is not mandated if an individual or institution is employing fewer than 250 employees, unless sensitive personal information of at least 1000 individuals is processed.
       Compliance to registration includes notification of automated processing operations, appointment of data protection officer, adoption of data protection policies that provide for data security measures and security incident management, annual report of the summary of documented security incidents and personal data breaches and other compliance that may arise based on the judgement of NPC. DPA requires data breach notification from the data protection officer within 72 hours upon knowledge of the breach.
       Data protection and privacy has now been part of our corporate lives and it matters to follow them to protect not only the company we work for and ourselves but most importantly the privacy of the people whose data are processed everyday not only confined to the Philippine medical device industry.

SINGAPORE MEDICAL DEVICE SCHOOL EXPERIENCE




Continuing education is very important these days in a medical device industry that is growing really fast, on top of regulations that are ever changing, and I was fortunate enough for the opportunity given by PAMDRAP to be able to attend the first run of the Singapore Medical Device School that would be an annual event starting next year. The first day was very exhausting for me as I needed to find where the venue was, which was Biopolis; I thought it was Temasek Polytechnic but I was able to locate Biopolis later without much delay. The very first of the lectures was on understanding the regulatory landscape globally and how it affects Asia; it taught the participants the key organizations involved in affecting the regulatory framework globally and the importance of taking part in molding the global regulations. This was followed by a comprehensive report on the medical device regulatory requirements and updates per member country in the ASEAN, which is actually a run-through of the reports from the last AMDC in Manila. A panel discussion took place after the tea break with the medical device KOLs in Asia, including a representative from RAPS. Challenges on the regulatory requirements were discussed in the afternoon session in selected markets/economies, including that of China, Taiwan ROC, India, Japan, USA (includes 510k and QSR), Australia and New Zealand. The schedule was tightly packed every day; it started at 8:30AM and extended up to 6:30 to 7:00PM. The topics discussed were very important though: further in the afternoon session of the first day, the medical device reimbursement process in Australia was discussed, product and process changes were also tackled in a global perspective, and the difference between a device and an IVD was also a topic.
A very lengthy discussion was allotted to CE marks covering general requirements, IVD-CE and MDR-CE, emerging regulatory controls on radiation and wireless medical device was also among the topics, the day was concluded on a lecture on Med tech start-ups which admittedly bridged the gap between regulatory processes and the client needs to provide innovative technologies to the public.
Day 2 started with a very interesting lecture that showcases the support of Singapore to the Med tech industry, the Singapore Biodesign. What is good with the Medical Device School training program is that it shows not only the regulatory aspect but also the details on how an invention comes to life in a very complicated market and in a highly regulated industry. QMS was the main focus of the AM session, covering the quality aspect of the entire product life cycle including ISO 13485 and ISO 14971; more importantly, the lecture also gave the participants a peek at how the certification body thinks. The lecture on Singapore Biodesign earlier in the morning was further supplemented by the designing process of new and innovative medical devices (really cool!). Heavy regulatory affairs topics concluded the rest of the day, including: the IEC requirements both for electrical and electromagnetic testing as well as software validation; cybersecurity and data protection, which was also added as a supplement to the IEC discussion; biocompatibility, including toxicology of the device; sterilization and packaging validation, which was detailed; QMS of production, warehouse and distribution, which was the highlight of the day, followed by a separate QMS set-up discussion, which completes not just the regulatory understanding of QMS but how to bring QMS to the SMEs. The QMS set-up was only the beginning; a series of discussions dedicated to start-ups in the Med tech industry followed, including physical set-up of the plant, contract outsourcing and even collaboration opportunities and setting up a clinical strategy for the medical device clinical trial. Another topic that highlighted the supremacy of Singapore as a leader in the ASEAN region for Med tech was showcased through its National Health Innovation Center lecture, where sound support by the Singaporean government may be availed of to improve Med tech.
The day was concluded through a panel discussion on the clinical aspect of medical device.
Day 3 was more of a managerial crash course on the management of a medical device start-up company. I appreciate the topics very much, as we hear regulatory details every day as regulatory professionals but we seldom hear about what goes beyond regulatory, like how to ensure business continuity, marketing strategies and pitching a product to investors. The day started with a discussion on medical device market trends and opportunities; a need-based approach from the patients was repeatedly emphasized. The barriers and appropriate strategies were also provided by the roster of expert speakers, but the strategies presented are not just suggestions: they are actual help that may be provided by the Singaporean government via the MedtechBOSS eNetwork. At this point in the training, one could feel how proud Singaporeans are of the help their government provides and how everybody wished they were from Singapore. The next topic was healthcare software and e-commerce, including the apps that are getting so much attention these days. A lot of soft skills were discussed throughout day 3, including standard hospital procurement of medical devices, code of ethics in the medical device industry, human resources management in medical device companies, fund raising and pitching to support new and innovative products, as well as awareness of funds and support from both private and government sectors. Minor regulatory topics were also given attention, like patents, trademarks and liabilities; labelling; UDI barcode requirements and updates; PMS in medical devices, including handling complaints, post-market clinical follow-up and FSCA; and GDP for importers and distributors.
Finally, the 4th day came so fast, and this day was purely dedicated to Med tech innovation at the laboratory level. A refresher on medical device development was given, but with a touch of engineering. The next lecture was on genetic engineering and tissue engineering, which was further broadened to a discussion of stem cells; clinical chemistry aspects were also a topic, and later in the afternoon, advanced topics like 3D printing and microfluidics wrapped up the classroom setting. A plant visit concluded the day, where the class went to JTC Med tech hub’s manufacturing sites and was able to get in touch with actual Med tech SMEs that started up in Singapore. The event was very enriching professionally. I hope that more people will be able to experience what I experienced, as at the end of the day, I went home to the Philippines inspired by how much potential is just waiting to be nurtured toward growth in the local med tech industry.


ANTIBRIBERY FUNDAMENTALS


Regulatory affairs involves regular transactions with government officials in their respective offices, such as FDA, PDEA, DDB, PNRI, PNP, NTC, OMB and DENR, to name some. It is therefore important for a regulatory affairs professional to be able to identify whether his actions are leaning towards bribery. Bribery is defined as the act of influencing a government official by offering anything of value to gain an improper advantage. Being familiar with the basic principles of antibribery laws and conventions, the elements of bribery, how to recognize bribery and how to avoid it will keep the regulatory affairs professional safe, as well as the company he is working for. This feature will attempt to give related and simplified information on bribery applicable to regulatory affairs professionals.
Throughout the world, antibribery conventions are in place. The established ones are those of (1) the United Nations, (2) the Organization for Economic Co-operation and Development (OECD), (3) the Council of Europe, (4) the European Union, (5) the Organization of American States and (6) the African Union. In the USA, the Foreign Corrupt Practices Act (FCPA) is in place. The FCPA covers non-US government officials (yes!); political candidates and political parties; and public companies. It is important to note, therefore, that this Act applies to US companies, nationals and residents regardless of whether the bribery-related activities take place in the US or elsewhere, like the Philippines. Further, under this Act, US companies may be held liable for the violations of their non-US subsidiaries, employees and agents (an example is GSK in China, 2014). This Act also applies to non-US companies and individuals if they use the US mails or other forms of interstate commerce to bribe non-US officials. Even non-US companies that file reports at the US Securities and Exchange Commission (SEC) may be held liable. The UK Bribery Act is another important convention. This Act covers anyone, and not just government officials, who accepted a bribe or “kickbacks” in exchange for improperly performing public, business-related or employment-related functions. Any commercial entity that is organized or does business in the UK is automatically liable if someone who is associated with it, such as an employee or even an agent, commits bribery on its behalf. There is therefore a huge burden on the regulatory affairs professional to act appropriately in compliance with this Act. Bribery charges in the UK may be avoided, though, if the company can show that it has adequate procedures in place to prevent bribery.
The EU convention, on the other hand, covers all 28 member states and requires that each state enact laws prohibiting bribery in the EU, and those laws may apply to people or entities outside the EU. If more than one EU member state is affected by the bribery, though, it is up to the member states involved to decide which of them will deal with the act of bribery. The OECD, composed of 38 countries (excluding the Philippines), also enforces bribery vigilance regardless of where the business dealings take place.
In the Philippines, the main legal framework for bribery is RA 3019 (The Anti-Graft and Corrupt Practices Act), which prohibits, among other things, a public officer from requesting or receiving any gift, present, share, percentage or benefit, for himself or for any other person, in connection with any contract or transaction between the government and any other party, wherein the public officer in his official capacity has to intervene under the law. RA 6713 (The Code of Conduct and Ethical Standards for Public Officials and Employees) also prohibits public officials and employees from soliciting or accepting, directly or indirectly, any gift, gratuity, favor, entertainment, loan or anything of monetary value from any person (a) in the course of their official duties; or (b) in connection with any operation being regulated by, or any transaction which may be affected by, the functions of their office. Presidential Decree No. 46 (Giving of Gifts on any Occasion) also punishes the act of giving or offering to give, to a public official or employee, a gift, a present or other valuable thing on any occasion.
Bribery is composed of 3 key elements: the government official, anything of value and improper advantage. For the FCPA, government official applies to non-US officials as well. In the UK, a government official is defined as somebody holding a legislative, administrative or judicial position or exercising a public function. Officials of public international organizations like the UN are also considered government officials. In the EU, officials of the EU member states are covered, noting that the definition of a national official varies in each of the member states. In the OECD, foreign public officials are also included, and even agents of international organizations like NATO (North Atlantic Treaty Organization). In the Philippines, the law currently does not penalize the corruption of foreign public officials. The second key element, anything of value, includes any sum or gift if its intention or effect is to cause undue influence. A promise or offer of a gift is also considered bribery. It is therefore important that a regulatory affairs professional observes gift giving at an appropriate time and in appropriate circumstances and manner (esp. this coming Christmas season). In the Philippines, domestic private-to-private bribery is neither regulated nor penalized. The last key element, improper advantage, is as defined. It is important to note, however, that the FCPA provides an exception for payments made to speed up or secure performance in activities such as obtaining permits, processing government papers, police protection, and phone service, electricity and water supply. In the Philippines, facilitation payments are not allowed under Philippine anti-bribery and anti-corruption laws, as payments to public officials by reason of their official position are penalized.
There are 3 kinds of bribery in the Philippines: (1) direct bribery, (2) indirect bribery, and (3) qualified bribery. Direct bribery is committed by a public officer who accepts an offer or promise or receives a gift or present, by himself or through another, with a view to committing a crime, or in consideration of the execution of an act that does not constitute a crime but is unjust, or to refrain from doing something that it is his official duty to do. Indirect bribery is committed by a public officer who accepts a gift offered to him by reason of his office. Qualified bribery is committed by a public officer entrusted with law enforcement who refrains from arresting or prosecuting an offender who has committed a crime punishable by imprisonment of 20 to 40 years and/or death, in consideration of any offer, promise, gift or present. The maximum penalty for direct bribery is 12 years in prison and a fine of not less than 3 times the value of the gift or the promised gift. For indirect bribery, the penalty is imprisonment for a maximum of 6 years plus suspension and public censure. The penalty for qualified bribery is the penalty for the offense that was not prosecuted.
How do we avoid bribery then? A company should not engage any agents or hire employees who have family or business ties with government officials, who have a reputation for corruption, or who refuse to sign a written anti-bribery and corruption agreement. Pre-employment questions and information may be sought, such as the educational and professional background, how long the person has been employed in the government, or whether the firm has been owned by the government in the first place. Details on commission fees should be disclosed, as a fee may be questionable if it is too high; it should also be checked whether there are complex payment structures leaning toward bribery and whether the agent or employee is open about his methods of doing business. It is important to note that one or more laws may apply in bribery and that there are serious consequences when one is proven to be involved in bribery, like stiff penalties in the form of fines and prison terms. It is also damaging to the company, as the company may be excluded from public sector contracts and its reputation will suffer. A regulatory affairs professional should be wise enough to evaluate his actions, as transactions with people in the government are part of the daily routine.