Change is coming to the pharmaceutical supply chain. The supply chain review ordered by President Biden virtually guarantees it with its attempts to understand and improve issues related to supply chain transparency, security and overreliance on a few suppliers in a few regions.
Change is coming to the pharmaceutical supply chain. The supply chain review ordered by President Biden virtually guarantees it with its attempts to understand and then, within one year, improve issues related to supply chain transparency, security and overreliance on a few suppliers in a few regions.
The review is a direct response to the wake-up call emanating from the COVID-19 pandemic, which suddenly exposed the fragility of the pharmaceutical supply chain.
As the crisis progressed, the industry became painfully aware of what former Pentagon advisor Daniel Hartnett, an associate managing director with the compliance risk and diligence practice at Kroll, told BioSpace is an “over-reliance on overseas production for active pharmaceutical ingredients and other products as well as an overconcentration in specific regions, such as India and China.”
Additionally, Hartnett said, “There are a lot of bills moving through Congress,” including many with Buy America mandates and some to establish emergency stockpiles for critical goods like pharmaceuticals and pharmaceutical ingredients. “There will be a lot of tools in the toolbox,” that apply to the biopharma industry, including, possibly, tax incentives to re-shore operations.
Under the executive order, the secretary of health and human services will work with other agencies to identify supply chain risks for pharmaceuticals and active pharmaceutical ingredients, and report those risks and make policy recommendations.
One of those recommendations likely will be to extend visibility into every supplier throughout the pharma supply chain, from the big equipment manufacturers to the tiny purveyor of star anise in a remote part of China.
“It’s not natural to share a lot of information at this level, but the Administration may put some enforcement around it, with fines,” said Stacy Scott, a managing director in Kroll’s Cyber Risk practice.
Geopolitical tensions and the over-concentration of suppliers in any region exacerbates any risks.
“The U.S./China relationship has been deteriorating for a number of years,” Hartnett said by way of example.
He previously worked as a China analyst at the Department of Defense. Biopharma companies, therefore, should keep such concerns in mind and assess their risks very carefully.
“Policy changes will come from the executive order,” Hartnett predicted. It includes not only vulnerabilities, but also risks and repercussions if industry fails to modernize.
Here are four steps you can take to minimize your risk exposure:
- Review your supply chain, end-to-end, to the nth degree. It will be imperfect, at best. Map it out and assess the risks.
- Deploy an internal audit team to reassess the supply chain footprint and outsourcing decisions based on the current environment.
- Identify what can be re-shored or nearshored. Identifying products or production areas that could be returned to the U.S. or the Western Hemisphere “puts you ahead of the game,” Hartnett said, if it becomes necessary. “The executive order clearly calls out offshoring for special attention,” as well as the need to work with like-minded allies. “This tells me that companies need to consider the blowback potential for alliances.”
- Conduct a supply chain risk review to identify problem areas. Involve more than logistics and supply chain lanes and routes, to identify critical areas and the cost of disruption. Consider both cyber security and physical risks as well as the cost of disruption, which can be catastrophic.
In the coming weeks, HHS will begin identifying critical and essential goods and materials, including digital products. That includes manufacturing and other capabilities needed to produce those materials. Pharma executives should do so, too.
This includes assessing the risks posed by “the defense, intelligence, cyber, homeland security, health, climate, environmental, natural, market, economic, geopolitical, human-rights or forced-labor risks, or other contingencies that may disrupt, strain, compromise or eliminate the supply chain — including risks posed by supply chains’ reliance on digital products,” The executive order noted. The failure to develop domestic capabilities could lead to failures, exploitation, and risks, it stressed.
Sometimes it’s the ancillary things that cause problems. For example, Hartnett said, “Glass manufacturers (for vaccine vials) are overtaxed, and stressed with their own local outbreaks.” Stoppers that cap the vials are in shorter supply too, because “some overseas facilities are being shuttered or are subject to trade restrictions” due to COVID-19. Likewise, access to new, precision, equipment has been limited by the pandemic, and some pharma supplies have shifted to meet pandemic needs, leaving other medicines in shorter supply.
In light of such constraints, the countries that produce the supplies want to access them first. Even invoking the Defense Production Act may not solve that challenge.
“It even may prevent export for reimportation” during certain manufacturing steps,” Hartnett said.
“Technology supports most everything we do nowadays, so factor cyber-risks into supply chain reviews,” Scott said. “People think ‘cyber’ is just technology, but it’s also data.”
Cyberwarfare is about data and disruption. Accessing data – evening something as seemingly innocuous as invoices – provides third parties with insights into your operations that may reveal vulnerabilities. Therefore, know which supply chain partners can access your data, and what, exactly, they can see.
For hackers, Scott said, “The Internet of Things (IoT) is an easy target.” Numerous IoT-enabled devices monitor all sorts of activities, and companies rarely have the capability to secure them. That leaves IoT devices (such as temperature monitors for shipping) vulnerable, either shutting them off or making them inoperable or invisible to users.
Performing supply chain risk assessments on what, for a small- or medium-sized company, could be 500 to 1,000 vendors, is time-consuming and expensive. Scott advised triage – focusing reviews on companies and regions where disruptions have the greatest potential to disrupt your business.
