Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

Strategy for Foreign Regulatory Compliance

#1
Hoping to start a discussion on how companies handle regulatory compliance where regulations are only available in foreign languages (so you cannot read/interpret the requirements for yourself, do gap analysis, etc.). Here are some initial points of discussion:

1. Consultants
Obviously, if you can't read/interpret regulations yourself, a consultant of some sort will be necessary.
a) What controls to you impose to ensure they are reliable?
b) Because the specifics of the regulations are opaque to you, what steps do you take to ensure, insofar as possible, that you are completely compliant?
c) What responsibility does the consultant have if you're found to be non-compliant?
d) Do you source a dedicated consultant for every region? Or is it effective/advisable to go through a giant "1-stop-shop" consulting firm to handle most cases?

2. System Procedures
How do you know what regulatory requirements need to be translated into system procedures? For example, most regions have requirements for things like reporting, recall, advisory notices, and change notification. What is your strategy?
a) Does your consultant just advise on how your existing procedures need to be updated?
b) Do you maintain a new procedure for each region (as dictated/advised by a consultant)?
c) Is it possible to generalize your procedures such that there are triggers for such events, at which point approved consultants are consulted?
d) ...

3. Surveillance
How do you stay on top of changes to foreign regulatory requirements? Some consulting websites have feeds or email notifications that provide basic updates, but because you can't read the actual regulatory text, it's often difficult to interpret how a notice of a proposed regulatory change might affect you. Do you go to a consultant every time there is news of a potential regulatory change? ...or perhaps it is possible to offload some responsibility for surveillance to a consultant in a supplier agreement?

Curious to know how you deal with these challenges in your organization...
MM.
 

Marcelo Antunes

Addicted to standards
Staff member
Admin
#2
This is a great topic, and something I've been discussing and doing with my clients for several years now. Unfortunately, the main problem in my view is this: if you are the manufacturer (usually the one responsible for compliance) you HAVE to have knowledge of the regulation, even you are using consultants or distributors to do part of the work.

One way to do that is to create (or pay for a service) a database of regulatory requirements in target countries.

More comments soon.
 
#3
We sell "class 1" into 50+ countries so this is a really hot topic for me. First, I'll say it is dangerous to generalize yet there are some trends and commonalities among different countries. Second, because our product (examination gloves) is basic medical supply good, some of our customers are not that sophisticated in terms of compliance, as this is part of their larger disposables product mix.

When I started 2 years ago, we sold into 6 countries and relied solely on our distributors to provide us regulatory compliance guidance. This was very high risk with our customers sometimes having conflicts of interest, and invariably, if we asked the same question to three customers we would get four answers (lawyer joke) - Mexico being the prime example of receiving conflicting information when we changed our company name. On the other end of the spectrum are our customers in Japan, they spell things out for us and are on the hook as MAH.

Fast forward to today. We still rely heavily on our customers for things like labeling and for our private label customers, it's their name on the box so for the most part, they are (or appear to be) very cautious. For the EU and the U.S./Canada we have dedicated regulatory affairs leads who handle all of this work. For countries "like" Russia, KSA, Brazil, Mexico, South Africa (good sized market, sophisticated requirements), we hire consultants. For the ROW, we are still heavily reliant upon our customers, verified with our own desk-based research. Still far from ideal but at least we are paying attention now and not blindly following customer advice.

Just last week we signed a contract with a company called RegDesk, which offers a nifty web-based tool that covers a lot of the smaller countries with machine-translated / verified regulations available. I haven't worked with it yet but it seems like a powerful way to get up to speed in a hurry.

So it is, like all things, a work in progress. Surveillance is the next focus, market access was the primary focus.
 
#4
...When I started 2 years ago, we sold into 6 countries and relied solely on our distributors to provide us regulatory compliance guidance. This was very high risk with our customers sometimes having conflicts of interest, and invariably, if we asked the same question to three customers we would get four answers (lawyer joke)...
This is similar to the situation I'm in at the moment. Up until now, we've depended largely on distributors consultation who, in some countries seem to know their stuff, but in others it's...questionable.
It's also difficult to get a consistent idea from freely available consulting articles and websites, as many have conflicting/inconsistent accounts of what's required. Surveying a bunch gives a general picture, but at the end of the day it's difficult to know for certain what exactly is required...

Just last week we signed a contract with a company called RegDesk, which offers a nifty web-based tool that covers a lot of the smaller countries with machine-translated / verified regulations available. I haven't worked with it yet but it seems like a powerful way to get up to speed in a hurry.
Perhaps this is one of those databases that Marcelo refers to? Sounds great - exactly what I'd be looking for! However, my only hesitancy is with regards to the authority of such sites. How do you know the translations are accurate and up-to-date? Do they cover all associated guidances, recognized standards, etc. - enough to get a clear picture of the regulatory requirements? They are presumably not endorsed/recognized by the actual regulatory bodies, so their content (as far as authority) is no different from that of a consultant, no?
 
Last edited:
#5
This is similar to the situation I'm in at the moment. Up until now, we've depended largely on distributors consultation who, in some countries seem to know their stuff, but in others it's...questionable.
It's also difficult to get a consistent idea from freely available consulting articles and websites, as many have conflicting/inconsistent accounts of what's required. Surveying a bunch gives a general picture, but at the end of the day it's difficult to know for certain what exactly is required...
Glad to know I'm not the only one. When gathering information, I start at the official government websites, then move to export.gov, then move to the WHO, then work my way through any third-party materials. Google translate is my friend, despite being unreliable, because at least it provides me key words for my searches.

What I don't like about a lot of the consultant-based websites is that they are trying to sell you license holder services (among other things) so their advice, while not generally inaccurate, always seems to point to you needing their services. So I think they omit information and I agree with you that they are inconsistent. The main issue I have struggled with is whether we are allowed to have more than one registration for the "same device" in any particular country (i.e. can we have more than one distributor or do we need to employ an independent license holder). It is certainly not in some consultants best interest to answer this question and, often, the practice allows multiple registrations even if they appear to be prohibited to the law, probably because the internal controls of the various government departments don't allow them to stop multiple registrations. Customs, in Indonesia for example, will give us problems where the "FDA/MoH" did not.

When we get into the nitty-gritty requirements (approaching what are practically device-specific requirements). We have to rely on the customers because they've actually done it (one experiment is worth 1,000 expert opinions - which Cove member's signature is that? :) ) - whether they've done it incorrectly and just haven't been caught is another. Again, gloves don't tend to garner much attention aside from the natural latex allergy issue and the powdered glove bans of recent years. To me this is a double-edged sword because we can do things wrong and never know it - until we do - and then it's too already too late. I am looking for some tool to assess this risk, then mitigate it.

Perhaps this is one of those databases that Marcelo refers to? Sounds great - exactly what I'd be looking for! However, my only hesitancy is with regards to the authority of such sites. How do you know the translations are accurate and up-to-date? Do they cover all associated guidances, recognized standards, etc. - enough to get a clear picture of the regulatory requirements? They are presumably not endorsed/recognized by the actual regulatory bodies, so their content (as far as authority) is no different from that of a consultant, no?
Having not been raised in a QMS culture and having received no proper training, while saddled with supporting massive commercial targets, I worry about these things but have to take the position that some information is better than none and make the business aware of the risks of failing to comply or acting on incomplete information - then let them decide.

With this RegDesk, in particular, they claim to use machine translation to translate all the regs and then rely upon multiple (at least 2 but usually 3-4) local MD consultants to verify the translations. They also have a survey program in place with their local consultants to be kept abreast of the published changes. But don't consider this a recommendation as of yet, because I haven't actually tested the product/service - our regulatory guys in the U.S. and Europe have driven the project to this point.
 
Last edited:
Top Bottom