In today's global manufacturing marketplace, regulatory compliance is not just a legal obligation but a cornerstone of ethical business practices. More often than not, regulatory and compliance teams are involved throughout the entire product development process, from design to delivery to customer. Understanding and adhering to compliance requirements is crucial whether your company is purchasing components from suppliers, or selling products in heavily regulated markets. 

Understanding the Regulatory Environment

Local, National, and International Regulations

To successfully manufacture and operate in heavily regulated markets, it is essential to have a thorough understanding of the regulatory frameworks at local, national, and international levels. Countries, states, and sometimes even regions have distinct laws and guidelines that must be followed. 

Your industry likely comes with its own set of regulations, and there is not one singular playbook for regulatory compliance. For example, the healthcare sector must navigate the Health Insurance Portability and Accountability Act (HIPAA). At the same time, companies handling personal data must ensure compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as implementing robust data protection measures to safeguard customer and business data is essential no matter the industry. Aerospace and Defense companies need to adhere to the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). Understanding all your industry-specific regulations is vital for maintaining compliance and avoiding legal pitfalls.

The sheer number of regulations can leave small to mid-sized companies wondering whether or not they are compliant. In turn, to avoid an inadvertent violation, they spend significant capital hiring outside consultants, experts, or legal firms just to bring a singular product to market. 

If, for example, you are producing a medical device in the United States, it must comply with the Food and Drug Administration (FDA) regulations. However, if your business decides to operate in Europe, it would need to adhere to the guidelines set by the European Medicines Agency (EMA) specifically for medicinal products and the Medical Device Regulation (MDR) for medical devices. Each set of regulations comes with its own separate and distinct set of requirements that more often than not will prolong the time to getting your product to market.  On top of that, international standards from organizations like ISO and IEC play a crucial role in global quality and compliance.

It is typically the job of a regulatory affairs or compliance specialist to navigate all of the above, looking at the latest version of policy or regulation and comparing internal documentation, policies, and standards to create gap analyses and confirm compliance. These assessments can take months to complete and often require inputs from other stakeholders like legal, marketing, engineering, and leadership. 

While businesses must stay compliant with regulations, the abundance of paperwork makes it challenging for companies to bring new innovative technologies to market efficiently.

Compliance in Purchasing

Supplier Due Diligence

When it comes to purchasing, conducting thorough supplier due diligence is necessary. At least some level of diligence should be done before partnering with a vendor or supplier and incorporating their component or product into yours.

In addition to gathering basic information about your supplier, your due diligence process should include performing audits and assessments to evaluate the supplier’s compliance with relevant regulations and their ability to adhere to your specific product requirements. It is common during this stage to ask suppliers about their factory capacity, how and where they are sourcing from, their quality management systems, production processes, and confirmation of adherence to standards like ISO 9001 or ISO 13485. 

Due diligence is typically done through a variety of forms and certifications that are required to be completed by the supplier before initiation of a purchase order or Request for Quote. When it comes time to contract with the supplier, and they have passed all your checks,  drafting comprehensive contracts and statements of work that outline compliance expectations and responsibilities is crucial. These contracts should include clauses for regulatory compliance, quality assurance, and periodic audits.

Risk management is another critical aspect. Identifying and preparing for how to mitigate risks associated with supplier non-compliance is essential. What would your company do if you received a counterfeit component in a product that goes to market? Is your vendor compliant with SOC 2 or other data protection requirements?  Implementing a risk management framework to monitor and address compliance risks ensures that any potential issues are detected and resolved promptly.

Quality and Safety Standards

When quality standards are followed, there is some level of assurance that the supplier will meet a consistent level of quality in their products and services. For example, some suppliers might not be ISO 9001 certified, but they may adhere to the ISO 9001 standards, and be willing to share some evidence of that with you. 

If you are sourcing components to integrate into a final product, ensuring that each component is tracked from the supplier to its integration into the final product for full traceability and accountability is key. Maintaining detailed documentation for all purchased goods and ensuring traceability from suppliers to end-use is also essential for a robust compliance program. Depending on your product, you may have even more stringent quality requirements for your suppliers, for example, if you are building a Class III medical device, or for a US military end user. 

Requiring, and keeping a record of suppliers testing and certification reports is another critical step. If you need further assurances, engaging third-party testing organizations to verify compliance with regulatory standards can help provide peace of mind. 

Ethical and Sustainable Sourcing

Ethical and sustainable sourcing is a priority for businesses. Developing and enforcing policies for ethical sourcing ensures that your vendors and suppliers adhere to labor laws, avoid child labor, and maintain fair working conditions. As part of your supplier approval process, require potential vendors to complete a detailed questionnaire about their sourcing practices, labor conditions, and environmental policies. Encourage, or require vendors to obtain relevant certifications from recognized bodies (e.g., Fair Trade, ISO 14001, Rainforest Alliance, B Corp.) Like the approved supplier process, these assurances are generally provided via certification or collection of relevant documentation from vendors. 

Promoting environmental sustainability by sourcing from suppliers who comply with environmental regulations is equally important. Partnering with suppliers who comply with practices such as reducing carbon footprint, recycling, and using eco-friendly materials not only aids compliance but also boosts corporate social responsibility.

Import Requirements 

US-based companies importing goods must navigate a variety of requirements to ensure compliance with federal laws and regulations. For example, importers must register as such with Customs and Border Control (CBP), complete customs documentation, and obtain a customs bond to guarantee payment of duties and compliance with import regulations. Depending on the type of goods received, additional specific compliance with other federal agencies, such as the United States Department of Agriculture (USDA), the Alcohol and Tobacco Tax and Trade Bureau (TTB), FDA, or the Environmental Protection Agency (EPA), may be necessary. 

Lastly, it’s crucial that you understand and comply with any quota limits on the quantity of certain goods that can be imported, and maintain import records for at least five years as required by CBP. This includes invoices, shipping documents, and correspondence related to the import transaction.

Compliance in Selling

Market Entry Requirements

Before entering a new market, it is essential to understand and meet specific regulatory requirements. This includes registering products with relevant regulatory bodies and obtaining necessary approvals, certifications, and licenses. Some industries, like healthcare, food, and alcohol, have specific licensing requirements.

If you are selling or exporting from the U.S., you might even need a local agent to do business in Country,  or be required to register your company in that location. In the U.S., a good starting point is the International Trade Administration website. They provide specific guidelines on doing business in other Countries. 

End-User Certification

An End-User Statement (EUS) is a document used in international trade to specify the final recipient and the intended use of exported goods. It helps ensure that the goods are not diverted for unauthorized uses, such as military applications or proliferation activities. Depending on your product, it may be required for you to obtain an EUS under EAR, ITAR, or the Office of Foreign Assets Control (OFAC).

An EUS will ensure that the end-user is aware that it must comply with all applicable laws and regulations to avoid legal penalties and sanctions. It is also an opportunity for you to consider the ethical implications of the end-user’s intended use of your product and whether it aligns with your company’s values and corporate responsibility policies. Finally, seek guidance from relevant government agencies, such as the Bureau of Industry and Security (BIS) or the Directorate of Defense Trade Controls (DDTC), for specific queries related to end-user statements if you detect a red-flag or other concern in an EUS.

Quality and Safety Standards

Just like when selecting a supplier, ensuring that the products or components your company is producing meet the required specifications and industry standards is key. Adherence to these standards not only enhances customer satisfaction and trust but also helps in maintaining a competitive edge in the market. It minimizes the risk of defects and errors, leading to cost savings and improved efficiency. 

Compliance with quality standards also fosters a culture of continuous improvement, encouraging innovation and better business practices. It ensures that the company meets regulatory requirements, reducing the likelihood of legal issues and enhancing the company's reputation and credibility in the industry. Ultimately, compliance with quality standards is a strategic investment that contributes to the long-term success and sustainability of your company and product.

Advertising

Adhering to regulations governing advertising and promotion of products is another important aspect. All advertising must be truthful and not misleading. Claims must be substantiated, especially those involving health, safety, or performance. For example, any environmental claims like "green," "eco-friendly," or "sustainable" must be truthful, specific, and substantiated. Products advertised as "Made in USA" must be "all or virtually all" made in the United States.

Why does this matter? Look to public lawsuits. Famously, Volkswagen (VW) heavily marketed its diesel vehicles as environmentally friendly, promoting them as "clean diesel" cars that met strict emissions standards. Ads highlighted the cars' low emissions and compliance with environmental regulations, portraying them as a green alternative to other vehicles. Following regulatory testing, the EPA and California Air Resources Board (CARB) revealed that VW had installed software in their diesel engines to cheat emissions tests. 

The outcome? Numerous lawsuits from consumers, environmental agencies, and the U.S. Government, to the tune of a $14.7 billion settlement in the U.S. to resolve allegations of cheating emissions tests and false advertising, plus reputational harm and increased scrutiny from regulators.

It’s important to ensure that advertising and marketing material match with reality, and any relevant legal or regulatory documentation filed. While the example given is extreme, making sure that some level of diligence is done on claims made with respect to health or safety of your product is pivotal.

Export Requirements 

You may also be required to obtain export licenses to ship specific products to your customer destination. Licensing requirements vary based on the nature of the goods, their destination, and the end use. Penalties are steep for failing to comply with export licensing requirements, so it is crucial that you understand the classification of your product, and any licensing requirements prior to shipment.  

In addition, you need to follow all required steps when it comes time to ship a product to your customer, such as selecting the right Harmonized System Code and reporting shipments in the Automated Export System (AES) when your shipment value is more than $2,500, or the item requires a license. Incorrect identification and labeling can result in increased fees and tariffs borne by you or your customer. 

Marking and Labeling Requirements

It is conventionally the responsibility of a quality or logistics lead to be sure all product is packed and shipped accurately. Labeling requirements and guidelines are often found in paper form throughout a warehouse, in binders, or posted on walls, and manually recreated and printed prior to each shipment. As part of your overall logistics process, it is important to ensure that all relevant information is included on labels and that all other marking compliance requirements are met. 

Ensuring that your products are labeled and packaged in compliance with relevant regulatory requirements is also critical. Labels should include necessary warnings, usage instructions, and safety information. If your product is export-controlled, you should include requisite markings from the United States Munitions List (USML) or Export Control Classification Number (ECCN) regulations, both on your packaging paperwork and on any external shipping labels. If you are exporting a food product, you must include all relevant information including, Country of origin, manufacturer information, product code or lot number, and relevant dates, to name just a few. Missing just one required line item on a label can result in your product being held in customs, or expiring without ever making it to your customer. 

Have you ever seen a battery fire sticker like the one pictured on your packages when you receive a product with a lithium battery in it? Under both Federal and International rules and regulations, any product with a lithium battery is required to be marked with that sticker throughout transit, whether the product is shipped via boat, train, air, or driven down the road. In the U.S., the U.S. Department of Transportation (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) regulates hazards in transit. If you ship products, it is your responsibility to know whether your products are hazmat and to communicate their hazards appropriately, according to DOT’s hazmat regulations.

Post-Market Surveillance

Implementing systems for monitoring product performance and safety post-market is vital for ongoing compliance. This includes reporting adverse events, incidents, and non-compliance to regulatory authorities. You should regularly collect and analyze data on product performance, customer feedback, and adverse events to fully understand product performance and compliance. As part of that process, establish a robust system for receiving, documenting, and investigating complaints. Ensure that corrective and preventive actions are taken when necessary.

Lastly, defining procedures for product recalls in advance of any adverse event ensures a quick and effective response to compliance issues, protecting consumers and maintaining regulatory trust. 

Conclusion

Navigating the complexities of regulatory compliance in heavily regulated markets requires a comprehensive and proactive approach involving all company stakeholders.  From rigorous supplier due diligence to robust post-market surveillance, each step in the purchasing and selling process must be meticulously managed to ensure adherence to relevant regulations. By fostering a culture of compliance, implementing effective management systems, and maintaining transparent communication, businesses can not only avoid legal pitfalls but also build trust and credibility with regulators, customers, and stakeholders.