From The Editor | June 29, 2018

The SEC And The Risk of Biopharma Outsourcing

Louis Garguilo

By Louis Garguilo, , Chief Editor, Outsourced Pharma Follow Me On Twitter @Louis_Garguilo

SEC building

Two of the most widely covered biopharma-related news stories in the U.S. involve a regulatory agency, as you might expect.

But that agency isn’t the FDA.

It’s the SEC (United States Securities and Exchange Commission). What transpired serves to remind us the SEC is increasingly interested in our evolving business models, including for drug development and manufacturing. Particularly for this reason:

Your outsourcing is a serious and reportable risk.

Infamous Reminders

The two cases briefly:

In March, the SEC sued Elizabeth Holmes, President of Theranos, for fraudulently raising more than $700 million from investors. Her statements around revolutionary blood tests for individual patients were untrue. She settled those charges with fines and relinquishing control, and was barred from serving as an officer of a public company for ten years. Then in June, Holmes was indicted on federal wire fraud charges, again related to her role as head of Theranos.

Starting back in December of 2015, the SEC charged the man who became known derisively as the “Pharma Bro,” Martin Shkreli, former CEO of Retrophin, with committing fraud during a five-year period, while he was also working as a hedge fund manager. Last summer a jury convicted him on two counts of securities fraud and one count of conspiracy.

These events, other than tainting the overall biopharma industry in the eyes of the public, will seem to have little to do with you or your company. But they should in fact caution businesses with strategies for drug development and manufacturing based on evolving models of outsourcing.

Start-up and virtual drug developers, as well as commercially established organizations and Big Pharma, need a mental correlation between how you treat and what you tell investors about the risks and potential of your overall business, with how you treat and talk to patients about the risks and potential of your specific products.

For example, some risks concerning the FDA (and patients) turn out to be the same concerning the SEC (and investors): Do all the partners and elements that make up your drug development and manufacturing supply chain fully comply with cGMP standards, in both practice and reporting?

In other words, non-cGMP compliance is an umbrella risk, and for us particularly, one that directly ties CDMOs into drug-sponsor relationships with both the FDA and SEC.

At a recent Outsourced Pharma Boston conference, a representative from the FDA made this interesting analogy.

“My background is microbiology. I joke about how I see things differently from my husband, who's an engineer. What we see as risky in our house is completely different, but they could both be legitimate concerns. Yes, the ceiling could someday fall, but I'm worrying that there's raw chicken on the counter top.”

The FDA is looking through that prism of what is going on to create the drug, and the SEC on the structure that the entire operation is built upon. Both vitally important. Both requiring full risk assessment and reporting.

Internal Understanding For External Reporting

You can’t however, report what you don’t understand.

There are a myriad of new biotechs joining the ranks of mid-stream and well-established organizations, all dependent on somebody else’s organization to perform most everything (and often everything) related to their drug development and manufacturing.

We hardly blink (maybe we actually wink in approval) at the notion of starting a business without a single biology or chemistry lab, or piece of analytical equipment. We accept that these businesses are initially fueled by private investors and equity.

I asked the panel of experts at Outsourced Pharma Boston what advice they’d give CEOs who are reliant on those investors, and on business models where CDMOs do the development and manufacturing.

“In terms of your obligation for disclosure in financial documents, the answer is: Disclose everything you and reasonable investors might deem material to their investment decision. Therefore, you need to have appropriately managed risks, so investors then don’t go running in the other direction,” replied one of the panelists.  

He added that unfortunately, it appears there’s a minority of CEOs – and directors – who fully understand many of the issues involved with a highly outsourced model.

And a key component of that model is data management. “That’s sort of the last piece considered, if it’s considered at all. How do you more nimbly understand all that data received from your CDMO, and how do you insure compliance with data integrity mandates when you are one-hundred percent reliant on third parties for development and manufacturing?”

A second panelist weighed in on the inherent risk in the sharing, management, and fully comprehending of data in an outsourced drug development and manufacturing model.

“Today bankers, investors, and boards held accountable for biopharma companies are saying, ‘Wait a minute, we thought just clinical trial success and approvals would get us the valuation we want. Now we have to worry about the chain of custody and full comprehension of third-party derived and analyzed data.’”

He asked the assembled audience: “Will we be prepared when a board member asks, ‘What are you doing about data integrity? How are you managing that?’ It’s not just about clinical-trial results, or a therapeutic’s mechanism of action in the body, but also the ability to develop and manufacture with external partners while maintaining data transparency. These are no longer FDA issues alone - the SEC and savvy investors have taken an interest in all outsourcing risks.”

Compliant Virtual Manufacturing

“’Compliant virtual manufacturing’ is the objective,” said a panelist. “While public companies, and those looking to go public, are likely to disclose the fact they outsource, they typically lack details about that risk. For example, potential or actual lack of 21 CFR Part 11 compliant data systems, failure to meet all cGMP standards, potential loss of manufacturing intellectual property, etc. That is the level of specificity the SEC is looking for now.”

And the agency is looking because with more investing and funding opportunities, and variable models of virtual and other start-up biotechs and drug developers, it needs to get more involved. Today, say our experts, “It’s clear the SEC requires disclosure of all material information about a business seeking to attract investment.”

So biopharma organizations of all sizes need to ensure the comprehensive disclosing of business risks in their investment solicitation documents and SEC filings. This means actively investigating the relationships with, and operations of, development and manufacturing partners. If you err, we are told by our experienced industry consultants, err on the side of more disclosure.

Outsourcing needs to be “front and center,” and risks such as data integrity uncovered, thus your CDMOs and other service providers are an integral part of your financial reporting and overall business risk profile.


This editorial was based on the session at Outsourced Pharma Boston 2018: “Does Your Risk Management Plan Satisfy The FDA and SEC?”

Panelists for the session:

Ranjani Prabhakara, Team Leader | FDA
John Lee, SVP, Pharmaceutical Development | Decibel Therapeutics
Robert Di Scipio, CEO | Skyland Analytics, Inc.
Jason Foss, Managing Director | Results Healthcare
Jonathan Lieber, Chief Financial Officer | Histogenics (Moderator)