Life Sciences

Offshore Trial and Error

Clinical trials conducted abroad are a necessity in life sciences, but the complex risks must be carefully managed.
By: | December 14, 2016 • 6 min read

American life sciences companies conducting clinical trials abroad confront a tangle of risks that require careful planning, well-drafted documents and the aid of local organizations to navigate laws, regulations and customs of each test site, lest errors and oversights produce costly delays and faulty clinical data.

Advertisement




The biggest risk for overseas clinical trials, said Jim Walters, managing director, Aon Risk Solutions’ life sciences group, is “working through the myriad regulations,” both for insurance and clinical requirements, so “sponsors can meet local ethics committees and regulatory requirements to get the trial started.”

American companies’ efforts to grapple with compliance risk, said Jack Bodden, managing director, global risk management, Marsh, is complicated by different regulatory requirements in each country.

Compensation requirements for participants in clinical trials vary broadly between countries, he said, and the “ask” of sponsor companies from regions and clinical sites often differ from the country’s written regulations. “Not getting regulatory risk managed well can delay or halt the trial,” he said.

For example, the United States does not require clinical trial liability insurance coverage — the equivalent of product liability insurance for clinical trials. But as a practical matter, the ethics committees of the hospitals where trials take place would reject any trial that did not show evidence of the sponsor’s insurance, said Frank Goudsmit, senior vice president, life sciences and food market segments, Chubb.

Likewise, accident insurance for participants’ travel to and from the trial site has become customary in Germany, although it’s not required by statute, Goudsmit said.

Jack Bodden Managing director Global risk management Marsh

Jack Bodden
Managing director
Global risk management, Marsh

Until recently, said Bodden, several European Union countries required sponsors to provide evidence of insurance protection for its patient population that exceeded protections in commercially available products.

“Sponsors couldn’t comply because there wasn’t even an insurance option available to satisfy the requirement,” he said. Ultimately, pharmaceutical companies organized and negotiated a compromise with regulators that enabled their compliance while preserving the highest standards of patient safety and protection.

Local Partners

Even within a country, regional and local customs can vary, calling for experienced local partners to navigate variations in written and unwritten rules, said Dan Brettler, life science and technology co-practice leader, Conner Strong & Buckelew.

Individual clinical sites may look to expand requirements beyond clinical trials liability, he said, such as indemnification for professional liability, or they may require local admitted insurance even where the country permits nonadmitted cover.

How does a sponsor control its risk in environments where inconsistency is the only consistent factor?

“Dealing with experienced contractors and writing comprehensive contractual agreements is part of the liability equation,” Brettler said.

122016_03_riskreport_chart

“Sponsors must be mindful of insurance and indemnification contractual provisions with their CROs, clinical sites and supply chain partners, especially in countries with a history of product contaminations or regulatory violations.”

CROs, or contract research organizations, are local companies that sponsors hire to help manage development and implementation of their trials. CROs should know the local statutes, customs, ethics committees and decision-makers in the sites where a trial is proposed, said Walters.

CROs should also be vetted, said Dr. Rasika Birewar, owner, sehatINDIA Healthcare Services in Mumbai.

Advertisement




“The CRO shouldn’t escape risk assessment because it’s local to a country. Sponsors have to do their own due diligence on the CRO because the onus is on them to comply with regulations and laws in every site’s country.”

“The sponsor needs eyes and boots on ground in addition to the CRO,” said Rob Dickey, chief financial officer of Tyme Technologies Inc., which has conducted clinical trials in North America, Europe and India.

A manager in the direct employ of the sponsor should oversee the CRO, Dickey said. “If something falls off a table in the treatment room and hits a patient’s foot, who’s responsible?”

Medical care in that case, where the injury is unrelated to the investigational product, might be a standard part of coverage in their world, he said, but not necessarily in ours. “A lot of stuff can happen when you’re not there and there’s a seven-hour time difference. You need someone to oversee that.”

As in the case with rare diseases, sponsors sometimes conduct trials all over the world to accrue a statistically valid sampling of patients with a particular disease state, said Goudsmit. That could involve two or three patients in a dozen countries — and local representation in each of those.

Good Documents

A secondary risk, almost rivaling compliance, is appropriate documents that meet regulatory standards in the right hands well before the start of the trial, said Walters.

“Sponsors don’t want wrong language in the insurance documents to delay the trial,” said Dickey. “The ethics committee in a given hospital may not meet for another six months.”

Clinical trial liability insurance, which responds to bodily injury to patients arising from the trial, is near-standard in custom if not by statute. In an industry that quantifies risk assiduously and prices its coverage accordingly, Bodden said, “clinical trial liability insurance may cover drugs and devices that have not yet proven to be safe and effective.”

Drugs undergoing clinical trials aren’t always new; approved drugs may undergo new trials for treatment of a different disease state.

Dan Brettler Life science and technology co-practice leader Conner Strong & Buckelew

Dan Brettler
Life science and technology co-practice leader
Conner Strong & Buckelew

In addition to clinical trial liability coverage, all trials must include informed consent documents that provide prospective participants “adequate information to allow for an informed decision about participation in the clinical investigation,” according to the FDA.

The document must be written in language understandable by laypeople, describing the study’s purpose, duration, expectations of participants and any risks exposed in the animal trials that precede the human trials.

Many CROs buy errors and omissions (E&O) insurance to protect themselves against sponsors’ allegations of financial injury arising out of negligence.
That can easily run into millions of dollars if the trial has to be repeated, Goudsmit said.

“If the clinical data isn’t acceptable to the regulatory body because of mistakes in research — if the CRO didn’t follow good clinical practices — E&O insurance would cover the cost of re-conducting the trial,” Goudsmit said.
Clinical trials can account for two-thirds of the cost of developing a new drug, said Praveen Gupta, managing director, chief executive officer, Raheja QBE General Insurance Co. Ltd., in Mumbai.
A demonstration that an investigational drug or device meets its safety and efficacy targets is the litmus test for regulatory approval. Trials can fail to meet their endpoints — generally not insurable — if they can’t demonstrate sufficient efficacy.

If the product fails because of safety concerns that manifest themselves during the trial, participants may well have suffered bodily injury.

“If a product fails to meet the regulatory endpoint because of safety concerns,” Goudsmit said, “that can absolutely result in a human clinical trial liability claim.”
In that case, he said, patients’ attorneys will ask, what did the sponsor know about possible adverse events, or what should it have known? Was the informed consent document thorough? Was it understandable?

FDA Approval: Gold Standard

Sponsors conduct their clinical trials where they can find patients with their targeted disease state or a specific DNA pool; they may go offshore to find “treatment naïve” patients to produce unambiguous clinical data; but they universally seek their regulatory endpoint — proof of safety and efficacy — and they almost universally seek FDA approval.

Advertisement




FDA approval is the coveted gold standard of regulatory approval both because the U.S. market is the world’s most lucrative, offering the innovator company the greatest pricing flexibility, and because most countries will also grant approval if a product meets the FDA’s high standards, Goudsmit said.

The FDA, and most other regulatory bodies, will accept data from clinical studies conducted anywhere in the world, said Walters. “Sponsors just have to adhere to the approved protocols and follow good clinical practices.”

“Countries want to protect their populations from unproven drugs and devices,” said Bodden. “And pharmas will do everything possible to keep patients safe.”

Susannah Levine writes about health care, education and technology. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

Cyber Liability

Fresh Worries for Boards of Directors

New cyber security regulations increase exposure for directors and officers at financial institutions.
By: | June 1, 2017 • 6 min read

Boards of directors could face a fresh wave of directors and officers (D&O) claims following the introduction of tough new cybersecurity rules for financial institutions by The New York State Department of Financial Services (DFS).

Advertisement




Prompted by recent high profile cyber attacks on JPMorgan Chase, Sony, Target, and others, the state regulations are the first of their kind and went into effect on March 1.

The new rules require banks, insurers and other financial institutions to establish an enterprise-wide cybersecurity program and adopt a written policy that must be reviewed by the board and approved by a senior officer annually.

The regulation also requires the more than 3,000 financial services firms operating in the state to appoint a chief information security officer to oversee the program, to report possible breaches within 72 hours, and to ensure that third-party vendors meet the new standards.

Companies will have until September 1 to comply with most of the new requirements, and beginning February 15, 2018, they will have to submit an annual certification of compliance.

The responsibility for cybersecurity will now fall squarely on the board and senior management actively overseeing the entity’s overall program. Some experts fear that the D&O insurance market is far from prepared to absorb this risk.

“The new rules could raise compliance risks for financial institutions and, in turn, premiums and loss potential for D&O insurance underwriters,” warned Fitch Ratings in a statement. “If management and directors of financial institutions that experience future cyber incidents are subsequently found to be noncompliant with the New York regulations, then they will be more exposed to litigation that would be covered under professional liability policies.”

D&O Challenge

Judy Selby, managing director in BDO Consulting’s technology advisory services practice, said that while many directors and officers rely on a CISO to deal with cybersecurity, under the new rules the buck stops with the board.

“The common refrain I hear from directors and officers is ‘we have a great IT guy or CIO,’ and while it’s important to have them in place, as the board, they are ultimately responsible for cybersecurity oversight,” she said.

William Kelly, senior vice president, underwriting, Argo Pro

William Kelly, senior vice president, underwriting at Argo Pro, said that unknown cyber threats, untested policy language and developing case laws would all make it more difficult for the D&O market to respond accurately to any such new claims.

“Insurers will need to account for the increased exposures presented by these new regulations and charge appropriately for such added exposure,” he said.

Going forward, said Larry Hamilton, partner at Mayer Brown, D&O underwriters also need to scrutinize a company’s compliance with the regulations.

“To the extent that this risk was not adequately taken into account in the first place in the underwriting of in-force D&O policies, there could be unanticipated additional exposure for the D&O insurers,” he said.

Michelle Lopilato, Hub International’s director of cyber and technology solutions, added that some carriers may offer more coverage, while others may pull back.

“How the markets react will evolve as we see how involved the department becomes in investigating and fining financial institutions for noncompliance and its result on the balance sheet and dividends,” she said.

Christopher Keegan, senior managing director at Beecher Carlson, said that by setting a benchmark, the new rules would make it easier for claimants to make a case that the company had been negligent.

“If stock prices drop, then this makes it easier for class action lawyers to make their cases in D&O situations,” he said. “As a result, D&O carriers may see an uptick in cases against their insureds and an easier path for plaintiffs to show that the company did not meet its duty of care.”

Advertisement




One area that regulators and plaintiffs might seize upon is the certification compliance requirement, according to Rob Yellen, executive vice president, D&O and fiduciary liability product leader, FINEX at Willis Towers Watson.

“A mere inaccuracy in a certification could result in criminal enforcement, in which case it would then become a boardroom issue,” he said.

A big grey area, however, said Shiraz Saeed, national practice leader for cyber risk at Starr Companies, is determining if a violation is a cyber or management liability issue in the first place.

“The complication arises when a company only has D&O coverage, but it doesn’t have a cyber policy and then they have to try and push all the claims down the D&O route, irrespective of their nature,” he said.

“Insurers, on their part, will need to account for the increased exposures presented by these new regulations and charge appropriately for such added exposure.” — William Kelly, senior vice president, underwriting, Argo Pro

Jim McCue, managing director at Aon’s financial services group, said many small and mid-size businesses may struggle to comply with the new rules in time.

“It’s going to be a steep learning curve and a lot of work in terms of preparedness and the implementation of a highly detailed cyber security program, risk assessment and response plan, all by September 2017,” he said.

The new regulation also has the potential to impact third parties including accounting, law, IT and even maintenance and repair firms who have access to a company’s information systems and personal data, said Keegan.

“That can include everyone from IT vendors to the people who maintain the building’s air conditioning,” he said.

New Models

Others have followed New York’s lead, with similar regulations being considered across federal, state and non-governmental regulators.

The National Association of Insurance Commissioners’ Cyber-security Taskforce has proposed an insurance data security model law that establishes exclusive standards for data security and investigation, and notification of a breach of data security for insurance providers.

Once enacted, each state would be free to adopt the new law, however, “our main concern is if regulators in different states start to adopt different standards from each other,” said Alex Hageli, director, personal lines policy at the Property Casualty Insurers Association of America.

“It would only serve to make compliance harder, increase the cost of burden on companies, and at the end of the day it doesn’t really help anybody.”

Advertisement




Richard Morris, partner at law firm Herrick, Feinstein LLP, said companies need to review their current cybersecurity program with their chief technology officer or IT provider.

“Companies should assess whether their current technology budget is adequate and consider what investments will be required in 2017 to keep up with regulatory and market expectations,” he said. “They should also review and assess the adequacy of insurance policies with respect to coverages, deductibles and other limitations.”

Adam Hamm, former NAIC chair and MD of Protiviti’s risk and compliance practice, added: “With New York’s new cyber regulation, this is a sea change from where we were a couple of years ago and it’s soon going to become the new norm for regulating cyber security.” &

Alex Wright is a U.K.-based business journalist, who previously was deputy business editor at The Royal Gazette in Bermuda. You can reach him at [email protected]