Food & Beverage compliance specialist Stuart Shotton talks about industry silos and the need to centralise data
Stuart Shotton has many years in Food & Beverage compliance under his belt, having worked both as a practitioner, and as a consultant in the industry. Helen Poole, 4Pack’s MD in the UK, spoke to him about business risk, time spent on admin, and the biggest process challenges for the compliance department – and what businesses can do to fix them. (This is the first of our series of conversations with Food & Beverage professionals and industry experts. Stay tuned for more!)
| Helen: | What’s the hardest thing for compliance professionals in Food & Beverage today? |
| Stuart: | I’d say the main challenge is the availability of information. When I did some top line efficiency research some time ago, I worked out that around 40% of any compliance person’s life is spent chasing people for information.
I’d say that in about 99% of businesses in the world, what you’ll find is that their departments are very siloed. But compliance people rely on other functions to gather the information they need to make an educated assessment on a product. So the first key challenge is centralising data. Because if you have too many data touchpoints, you increase the risk of human error – and you reduce efficiency. |
| Helen: | I’ve seen that in some organisations, Compliance can be seen as the department that delays things. But what we’re really talking about here is safeguarding consumers, right? |
| Stuart: | That’s it, absolutely. We’re in the business of consumer safety, and it’s linked to brand reputation. Think of all the information that you base your marketing on – it’s important to have that information to hand and that it’s accurate.
But most businesses are far from it. What I’ve often seen is that businesses will evolve the more profitable departments – Sales, Marketing for instance – a lot more quickly than the ‘supporting roles’. It’s hard to measure return on investment on things like increased brand protection. So often, you’ll find very sophisticated marketing and sales mechanisms, and dedicated tools for these functions. And then you’ll have support functions such as Compliance, Regulatory Quality, Formulation Testing, etc playing catch-up because they aren’t necessarily seen as a revenue generator. The more technical functions get a lesser degree of support and a smaller tool set – and that makes them less efficient than they could be. Many compliance teams are huge, because their day-to-day job is based on spreadsheets which aren’t joined up in any way. So they spend most of their time trying to ensure those documents are up to date. |
| Helen: | So they’re throwing bodies at it is what you’re saying? |
| Stuart: | Yes. It’s easier to throw bodies at it than to invest in a system. And it’s hard for a compliance team to get the business case off the ground, because it can be difficult to actually show what the return on investment is. Because ultimately the only real measure you’ve got is a reduction in the need for more people. |
| Helen: | How about potential compliance breaches – could you quantify those to get buy-in? |
| Stuart: | That’s difficult. It’s a very theoretical discussion. Most businesses only act once they’re caught out. They get a system in place after the horse has already bolted – and they will probably never have an issue again. But it’s only at that point they see the value.
Again, it comes down to data. Everything needs to be recorded these days from a due diligence point of view, for the audit trail. I think what would really move the needle is if a tech vendor could link up with one of the big product recall insurance companies. And get them to offer a discount on their insurance premiums for companies that can prove that they can pull this information together, and as a result, have a lower risk. |
| Helen: | Is there such a thing as an industry average risk? |
| Stuart: | In the UK, we’re pretty well evolved across all our different industries. However, if you’re exporting into mainland Europe, some countries are much more litigious – Germany for example. There, it’s less the authorities you need to be concerned about, it’s the competitors. If they can show that something that you’re doing is anti-competitive, they can stop you trading. So that would increase your risk. But having substantiation there is crucial, because most of the time it’s about evidence. But if you can produce that within, say, a day of being asked for it, then you maintain credibility and give the investigators the confidence that your processes are tight. |
| Helen: | So would you say that one of the struggles for the compliance department is that they don’t have their ‘own’ data – but rely on data from the entire organisation? |
| Stuart: | Businesses are getting more data savvy, so there’s a lot more analysis taking place even on the compliance side. If you’ve got the data touchpoints from all over the business, they can paint a picture that’ll be significantly different to data from one particular system, which gives you only a snapshot view. But try and collect all that data from different systems and get it to add up – that can be an absolute nightmare. |
| Helen: | So on the one hand, it’s about getting the process right – on the other, about being able to pull out a fully traceable history of what has happened? |
| Stuart: | Some people tend to be afraid of tools that can do that because they think they’ll be used for a witch hunt. But I’ve never been an advocate of that. If something has gone wrong, I want to understand what caused it to go wrong. When you find the root cause of the problem, then you can fix it, so it never happens again. It’s not about singling people out. Having said that – a central tool can make collaborators much more accountable, in the sense that they’ll think twice about putting unchecked information into a system if they know it can be traced back to them. When it’s not traceable, it could have been anyone. |
| Helen: | Is there a way for businesses to avoid glitches before they even happen? |
| Stuart: | Yes – again, it comes down to having the data, and putting the right process in place. Because of the spreadsheet-based nature of the job, Compliance has traditionally been quite reactive. As a compliance professional, you’ll respond to, say, a change in legislation, to someone who’s phoned up to complain, to a report that’s coming, or a program on the TV, or something. And you react and provide information on that basis.
Having access to the data from across the business means that you can take a more proactive approach. You could pull, for instance, complaints data out and look at spikes, or trends to help you spot potential problems on the horizon. Or if you know that a law is going to be changed, you can dig in and actually have a look at how that may impact you, and put some precautions or changes in place to mitigate it. |
| Helen: | Thanks so much for your time, Stuart. This has been really insightful! |
If you’re in the Food & Beverage industry, and interested in making better workflows for product development a reality, I think you’d like our ebook “End-to-end product management”.
