United States: Counterfeit Product and Faulty Supply Chain: A Johnson & Johnson Brand Integrity Case Study

Companies confront a broad scope of risks, from compliance matters and regulatory risk to threats to the business itself and to its reputation. Counterfeit products, which continue to increase worldwide, range from pharmaceuticals to luxury items and consumer products. There is a long list of stakeholders who face consumer safety, reputational, and financial risks from fake products. Ultimately, the business enterprise and those that depend upon it can be threatened. Suppliers, wholesalers, and retailers are undercut by unauthorized competition. Governments suffer when they lose hundreds of millions of dollars and other currencies in uncollected excise and sales taxes, negatively affecting the economy and society as a whole, which suffers from criminal enterprises like counterfeiting.

The risk management officer’s principal role in most companies is to identify, analyze, and manage risks for the company. The complicated risk profile involved in counterfeiting and gray marketing can make it more difficult for risk managers to fulfill all aspects of their roles in combating brand integrity risks.

Johnson & Johnson’s Medical Device & Diagnostics business (MD&D) – one of three businesses that make up the Johnson & Johnson family of companies – is one business that has faced brand risks head on and taken a proactive stance to address its current issues and mitigate future risks from counterfeiters and related concerns.

This article will discuss the steps that MD&D, with assistance from the brand integrity team at Ernst & Young LLP, took to work through the risk management responsibilities of identifying, analyzing, and managing the risks related to the company’s brands.

In 2001, managers within the MD&D business began to suspect that they had a gray market problem. Some legitimate product did not make it to its intended market and was instead sold through unauthorized dealers. This had an unknown effect on the company’s bottom line and raised questions about threats to patient safety. They started two investigations to confirm their suspicion and to estimate the revenue lost to arbitrage.

In 2003, some doctors submitted to MD&D surgical mesh that did not have the handling qualities they were used to with MD&D’s product. The company sent the product through its quality assurance processes for authentication and determined it was fake.

This development greatly increased the stakes. Gray market is a concern because it can signal questionable third-party business practices, is a possible avenue for counterfeit products, and can cause significant lost revenue. Actual counterfeits, though, may jeopardize patient safety — the core of the J&J credo. Quashing this threat and protecting the safety of its patients became the primary motivator for the ensuing actions.

Once the company had decided to take action, management retained Ernst & Young to validate and extend its findings, quantify the scope of the problem where possible, and determine what was driving the company’s vulnerabilities. In addition, MD&D asked Ernst & Young to expand the investigation to regions around the world to identify additional risks. Ernst & Young worked with the executives within four of MD&D’s operating companies as well as with its European, Asia Pacific, and Latin American regional company leaders. Executives in the company’s financial, risk, legal, and quality operations were also involved in the research. The nature, scope, and size of the gray market and counterfeit incidents and the industry and business practices that contributed to them were all analyzed.

The study’s findings were highly informative for MD&D management, validating that the company had a diversion problem. Diversion involves the selling of legitimate product in markets other than those for which it was intended, and it opens the door for counterfeit products to enter the supply chain. Further, the estimated effect on revenue was nearly three times the company’s original estimate. The findings also confirmed the initial counterfeit product and found that MD&D’s operating companies were investigating other brand integrity incidents that were not widely known.

Once the problem was identified, the strategy to manage the risks came directly from those findings. Several common themes emerged from Ernst & Young’s analysis, which were winnowed down to three causes or business factors. None of these factors is unique to MD&D or to Johnson & Johnson. Rather, they are issues quite common to large organizations.

One identified factor was MD&D’s business culture. Because Johnson & Johnson – and therefore MD&D – is a highly decentralized business, each of its operating and regional companies was approaching gray market issues and counterfeiting with disparate brand protection policies or strategies. As a result, different operating companies were independently developing their own anti-counterfeiting and anti-gray market solutions where a centralized program offered business and competitive advantages. It was clear that the company could enhance its brand protection through clear-cut policies and procedures and consistent communications with its employees.

Another identified cause was the business design and practices. One example was that no single person or group at the MD&D level was responsible for protecting MD&D’s brands or its products. This is one reason that operating companies conducted their own counterfeiting and gray market investigations, depriving the overall business of the opportunity to analyze business-wide trends and possible illegal activities.

A second example was that the company’s due diligence process, by which it reviewed third-party suppliers, manufacturers, and distributors, was incomplete. The company also did not have a robust supply chain strategy to assess how it might negotiate standardized terms of sale such as authorized distributors, the right to audit, and the right to data in jurisdictions outside the United States that allowed the sharing of such data.

The third identified cause of the company’s vulnerability was a lack of information. First, there was little worldwide pricing transparency because of the way products were priced around the globe. This information is quite helpful in finding possible hotbeds for gray market activity. Second, the company often did not have a handle on where its product went after it left its plants and distribution centers around the world. While distribution of medical devices in the United States generally flows through a handful of primary distributors, such a system does not exist elsewhere. Finally, because of the lack of a centralized reporting protocol, the company did not know how many counterfeit incidents it had previously experienced.

To establish a system whereby MD&D could manage its brand-related risk day to day, the team focused on policy design, organization design, market monitoring, and enforcement. These approaches addressed the findings that MD&D was vulnerable from a business culture, business design, and informational perspective.

Policy formation was the first order of business. The team developed a brand protection policy that is now being used as a guideline by MD&D. The policy addresses the protection of intellectual property, accountability issues, product protection and supply chain standards, and incident reporting and enforcement protocols.

To address accountability, an organization was put in place across MD&D to address brand protection across the business. The team helped to define the key resources and assign them specific roles, responsibilities, and accountability. These roles include a vice president and executives responsible for product protection, supply chain management, and incident reporting and enforcement. The team also worked together to define the roles and responsibilities for brand protection executives within the operating and regional companies that report up to MD&D and to determine how the brand protection operation would work with the company’s worldwide security group to manage reported incidents and the associated investigations.

The process of developing the organizational design was an interactive process, and executives from the operating companies, the regions, and worldwide security were active participants. The policies and procedures changed several times though the process based on feedback and real-life implementation.

One example of the new way MD&D and its operating companies currently work together is in the way counterfeit incidents are handled. The operating companies wanted to keep control of counterfeit verification and the ensuing investigations, and the new policies allow them to do so. However, they must report any suspected and validated findings to corporate security, and they must work with the brand protection and security executives to address the problem. This allowed MD&D to take advantage of the quality assurance processes already in place to authenticate suspected counterfeits and still address the problems that resulted from the poor flow of information. Now that corporate executives have more information, those charged with brand protection can review incidents from the whole business and look for commonalities, trends, and broader concerns.

Another ongoing effort is the development of product protection plans for at-risk products. Such plans entail in-depth assessments of the company’s various products and the risks they face from counterfeiting and gray market activity. For those products at highest risk, the company will develop product protection plans that include overt and covert anti-counterfeiting technologies and features based on their risk levels. This allows the company to consistently manage its products throughout the organization from sourcing through distribution.

The final piece, which also is under development, is a market-monitoring program to keep tabs on the product actually being sold to consumers. This will involve a program for buying products in the markets in which they are sold and sending them back to quality assurance for authentication. The company has already started a program for buying products off the Internet for this purpose.

Johnson & Johnson executives report that they are now more effectively dealing with counterfeits than ever before, which they credit to the heightened awareness and new reporting policies. This fact allows them to identify problems and institute protections that are aimed at improving patient safety.

Risks related to brand protection cut across the array of risks that a company faces, from business concerns to reputation and regulation. Additionally, many counterfeits pose a significant risk to individuals and public health and safety. For that reason, risk management professionals will want to be aware of their companies’ brand-related risks and identify, analyze, and introduce controls to manage them. By doing so, companies will have the keys to mitigating the risks they, their brands, their products, and their customers face.

Reprinted with permission from Risk Management Magazine. Copyright 2007 RIMS, Inc. All rights reserved.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.