Blue Sphere Health

Pharmaceutical Anti-Counterfeiting: Lessons from Avastin

Counterfeit medicines are not an entirely new thing in the American consciousness but when fake Avastin was reported this week it sent a larger than usual ripple through the news media.  I have been interviewed in the past 24 hours by Al Jazeera (see link or at right) and the Wall Street Journal. Why the fuss? Maybe it was because Avastin is a Swiss-designed, injectable cancer drug used only in hospitals.  This is a long way from dodgy Viagra bought over the internet or on a foreign trip, which is the image most people associate with fake drugs – if they even consider the issue at all.  Somehow, counterfeits have breached what should be a super-safe hospital supply chain and may have put patients at risk (although exactly how many patients received the medication is unclear).  Roche and Genentech were not directly at fault in this case but are there lessons that can be learned from their misfortune? How and why did this event happen and what can companies do to stop it happening to their products? The simple answer to the “how?” question is that plausible-looking fake Avastin packs, bearing familiar brand names and logos and containing authentic-looking vials, were good enough to fool professional medics.  It might be impossible for doctors and nurses to check the chemical composition of the active ingredients, but closer inspection would have revealed that the packs were apparently French in origin and bore the hallmark of parent company Roche, not the livery of the US-licensed manufacturer (and Roche subsidiary) Genentech.  The appliance of common sense should then have started alarm bells ringing, and indeed it may have been user vigilance that picked up this event in the first place.  FDA is now investigating. The “why?” question is more complex but the answer boils down to organisations trying to shave dollars off their drug bill by buying from grey market channels.  The French packs were supplied by a foreign distributor to at least 19 practices in the USA. Where exactly the distributor got them from will be established (I hope) during the investigation.  If hospitals and medical systems stick to the standard, regulated supply chain there is very little risk of receiving counterfeit products but it is precisely when people go “off-piste”, as appears to have occurred in this incident, that they put patients’ welfare at risk. If you’re a drug manufacturer or distributor, how do you stop a counterfeiting incident damaging your reputation and harming your customers? The first stage is to have a strategic approach and to act before you have to.  Don’t wait for the calls from FDA, CNN and concerned patients.  As they say in aviation, if you think safety is expensive try having an accident. I have written here several times about our DRASTIC framework for approaching anti-counterfeiting in a planned way.  The current move to serialization, epedigree and other traceability systems is soaking up a lot of budget and management time this year. There are legislative deadlines coming up in the USA, the European Union and elsewhere that will require manufacturers to code every single pack they make.  This will enable far greater supply chain transparency than we have today and will make it far harder for counterfeiters to insert industrial quantities of product into the legitmate supply chain.  But the dash for codes should not obscure the role played by old-fashioned authentication.  Visual inspection and the use of physical features – intrinsic or added, visible or covert – to reliably differentiate real from fake products is still a valuable tool in the arsenal.  An integrated anti-counterfeiting strategy needs both digital coding and physical authentication.  Neither is sufficient in isolation but together they are a strong deterrent against all but the most determined criminals. For those who would seek to delay mandatory compliance deadlines such as those in California (2015) or the EU (2016-17), ask yourselves whether it wouldn’t be a better strategy to get organised and get moving with your own initiatives so that the next Avastin-type incident doesnt happen on your patch. If you don’t know where to start, or you need help fine-tuning your strategy and tactics, we can help.  Blue Sphere Health are worldwide specialists in serialization, epedigree, authentication and related aspects of product security.  Contact us today for a confidential discussion or get in touch with me personally right now at mark(dot)davison(at)bluespherehealth(dot)com.      
Continue Reading

Anti-counterfeiting as a business opportunity

We traditionally view authentication as a cost to our businesses but of course it is really an investment. This narrated Powerpoint presentation on anti-counterfeiting as a business opportunity is based on a talk I gave earlier this year. I hope it provides some new ideas and different ways of looking at brand protection activities.

The way to get rid of counterfeiters is to squeeze them out of business by applying the same business competitiveness principles we use in other areas of business. We still need to do the criminal enforcement stuff, but commercial muscle needs to be applied too.

If you like it, please retweet this page or comment below when you’ve watched the presentation. Remember to sign up for our mailing list on the right of this page too.

Continue Reading

DRASTIC Brand Protection Part 7: ‘C’ is for Communication and Continuation

In the last post in this series on the DRASTIC process for planning brand protection and anti-counterfeiting activities, I look at communication and continuation. To recap: you also need to do the other parts of the DRASTIC process. In the earlier stages you must have Defined and Decided, conducted a Reality checkAnalysed all the available information, formulated a coherent Strategy,  translated it into specific Tactics and Implemented these appropriately and thoroughly.  Once you have done all these are you ready to look at public communication, although internal communication (to those who need to know) will have started well before this stage – as I mentioned previously, the early involvement of key individuals from around the business is key if the right perspective is to be gained. If Implementation is sometimes an afterthought in brand protection, communication is often omitted entirely. Many brand owners choose not to publicise their product security initiatives. They may do this for a number of reasons, but usually it is to avoid spreading a negative vibe in their marketplace. “By discussing anti-counterfeiting measures, we risk sensitizing the customer to the fact that they may be buying a fake – then maybe they won’t buy at at all” is the rationale.  This is almost always misguided and counter-productive.  Customers now have access to many more information channels than even five years ago, yet many corporations are still running  scared of raising issues about their brands in an honest and constructive way. Saying nothing is perhaps a defensible approach if your strategy is to keep brand protection covert.  With no visible changes to the product or its packaging, the simple solution is to keep quiet.  This avoids tipping off the counterfeiters  directly but they will soon spot the more obvious features anyway. It also misses an opportunity to build dialogue with your customers. If your strategy includes overt features to involve and protect the consumer then why wouldn’t you tell people? If they can see something shiny, colour-shifting, holographic or whatever, they are going to wonder about it. Curiosity is a good thing in brand protection but it needs to be harnessed. If an ongoing public awareness campaign tells people (exactly) what to look for on the genuine product then our innate eye for detail and spotting change can be put to good use in alerting the brand owner to counterfeiting. In the absence of specific information, the product security feature – however innovative and expensive – will quickly become unnoticed. Your security people will still spot the more obvious fakes, but your customers won’t because you didn’t trust them and empower them. There may be corporate or political motives either to exaggerate or downplay the counterfeiting issue, but at least make sure that the strategy is internally consistent. Don’t bother with overt features if you don’t intend to tell anyone about them. The more effective corporations have  a central, empowered, product security team which oversees all brand protection issues . The real best-practice brands take this further and are also building bridges between marketing and brand protection.  Customer dialogue is getting more complex, multi-faceted and real-time with positive and negative conversations that are not always within the control of the brand being discussed.  Difficult though this environment is, it is better to be make positive points about brand protection on your own terms than to have others drive the agenda. Communication needs to culturally-sensitive, appropriate to the intended audience, and timely.  Not rocket science, just careful application of marketing theory in a new area. As always, if positive outcomes from proactive communication can be demonstrated early in the roll-out process then so much the better. This will help to feed into the last and critical phase of the DRASTIC process: Continuation.  Nothing is forever, and that goes for anti-counterfeiting technologies too.  I often see debates on LinkedIn and elsewhere about whether there is an “uncounterfeitable” technology out there.  Several vendors always weigh in with claims for their gizmo.  They may be right – time will tell – but I doubt it.  Given determination and money, almost anything can be circumvented, even if it isn’t successfully counterfeited. Serial numbers linked to a database can be mimicked by creating an entirely bogus (but  internally consistent) criminal world where everything is fake . The consumer reads the fake serial number, is reassured by the fake call centre and takes home the fake product. Threats change, technology moves on, criminals learn quickly.  The only viable approach is to revisit the brand protection strategy, at a fundamental level, at regular intervals.  This doesn’t preclude rapid tactical responses to specific incidents, but the regular review should revisit all of the basic DRASTIC steps. The executive sponsoring the process should make sure that his team are challenging the original assumptions and doing the brand value equivalent of zero-based budgeting. No facile incrementalism allowed.  Counterfeiters are quick-thinking entrepreneurs, so corporations have to become light-footed too if they are to defend their brands sucessfully. Please use the comment field below to give your feedback or the contact form for more detailed questions in private.
Continue Reading

DRASTIC Brand Protection Part 6: ‘I’ is for Implementation

In the penultimate post in this series of informal essays on the DRASTIC process for planning brand protection and anti-counterfeiting activities, I look at implementation. Remember: before implementing anything you need to do the other parts of the DRASTIC process. In the earlier stages you should have Defined and Decided, conducted a Reality checkAnalysed all the available information, formulated a coherent Strategy and translated it into specific Tactics.  Only once you have done all these are you ready to look at execution. Implementation is often a neglected aspect of the DRASTIC planning process.  Everyone who wants to defend their products from counterfeiting and diversion knows they will have to implement a brand protection program, but many do not adequately anticipate the practical problems or plan for all eventualities. The key difficulty is that most of us are not psychologically comfortable with change. This applies as much with college-educated executives as it does to individual customers.  Your plant managers will not appreciate (and may resist) the line modifications and re-validations that are needed.  Your customer may misunderstand the visible pack changes that you made. As a general rule, implementing a brand protection technology will take longer, cost more, and be more complicated than you first thought.  It is possible to do “emergency repair” projects, in response to a security breach, in a matter of weeks – at least for physical authentication responses.  But these probably won’t be very integrated or long-lived fixes. Any security technology that is available at zero notice, off-the-shelf, to the brand owner is probably readily available to a counterfeiter too.  For coding and serialisation initiatives, the implementation lead-time is years not weeks.  Don’t try to reinvent these processes yourself.  Many of the key issues have been discussed and debated already – check your industry groups and look to benchmark other similar industries before commissioning your own project. For all these reasons, brand protection initiatives need to be planned as a continuous and ongoing process, with decision points, upgrade plans and what-ifs built in.  As a brand owner, this is made much easier if you use two or three key security vendors worldwide, as I discussed under tactics, rather than a plethora of local solutions that don’t relate to the global picture.  The central approach allows vendors to be involved early enough in the planning process that security can be fully integrated into the packaging or perhaps even into the product itself.  A deeper relationship gives the brand owner access to all of the new technologies that are “in the kitchen” at the vendors and gives them access to anonymised but valuable intelligence about what other brand owners are doing, what current threats they face, and in which markets. It is much more effective, in my experience, for a corporation to have a central, empowered, independently-funded product security team which oversees all brand protection issues worldwide across the whole business, rather than devolving product security responsibility to local packaging plants.  These central teams don’t need to be huge, and the delivery of individual programs will need to involve other staff in the company.  Having a central hub through which all brand security information flows makes it much easier to keep control and get economies of scale. Not all companies follow this model, and one of the key functions of a business development executive with a major security vendor is often to act as a communicator and go-between within his customer’s organisation. As my ex-CEO Jan Leschly (former Wimbledon semi-finalist and head of Smithkline Beecham) used to say: “If you don’t keep score you are only practising”.  The metrics of counterfeiting are notoriously hard to establish: counterfeiters don’t file SEC returns or submit information to the OECD.  Most of the so-called statistics on counterfeiting are based on small samples and extrapolation, if they use any data at all.  There may also be political motives either to exaggerate or downplay the numbers. Therefore, the impact of anti-counterfeiting initiatives has typically been very hard to quantify. But that doesn’t mean we can’t try.  A detailed knowledge of the baseline data (see Reality check) with before and after measurements allows the impact of brand protection measures to be at least estimated. If positive outcomes can be demonstrated early in the roll-out process then it becomes much easier to sell the benefits of continued investment to senior management. They are the people who should have Defined and Decided at the start of the process but it never hurts to show that they were right. The final aspect of the process is communication and continuation, the subject of the next and last post in this series. Please use the comment field below to give your feedback or the contact form for more detailed questions in private.
Continue Reading

DRASTIC Brand Protection Part 5: ‘T’ is for Tactics

In the fifth in this series of informal essays on the DRASTIC process for planning brand protection and anti-counterfeiting activities, I turn to tactics. In your own implementation of a brand protection initiative, don’t be tempted to skip straight to this stage: to avoid expensive mistakes, first you need to have gone through the prior parts of the DRASTIC process. By now you should have Defined and Decided, conducted a Reality checkAnalysed all the information you can reasonably generate, and then formulated a coherent Strategy.  Once you have done all this, you are ready to look at tactics. My caveat to all of these DRASTIC posts is the same: don’t expect detailed answers or technology discussions here.  Brand owners each face different situations, even across their own businesses and between brands. But, although no-one will have the same starting points, the broad aims remain the same and a discussion of some of the key principles is therefore useful. I am happy to discuss your specific needs further in private or via the comments below. Tactics in brand protection are often adapted from other security applications.  Some of the first technologies to be used for the authentication of branded packaging were originally developed for currency.  Fake money is probably as old as civilisation, and banks now use many different technologies (such as holograms, colour-shift inks, invisible taggants etc.) to prevent unauthorised reproduction and thereby maintain scarcity value.   Some of these technologies have since served well on high-value products such as pharmaceuticals, premium beverages, high-end foods and luxury goods. However, by viewing brand protection as a purely technological challenge, we can miss many other approaches which don’t need widgets and gizmos. Process Improvements and Techno-fixes Many of the best ways to defend intellectual property assets and brand value are cost-neutral or even beneficial.  The most important of these are process improvements such as reducing exposure to supply chain security risks. This is a subject that needs a separate post, but briefly as a first step in developing tactics I would advocate looking at your supplier/distributor/logistics base and sorting them into three categories:
  1. Those key partners whose security you trust and have audited. Don’t assume.
  2. Those that you need to use/retain but which have correctable security flaws
  3. Those with big security issues, or capabilities fully duplicated by suppliers in 1 and 2
Be tough about who goes where, especially if you have many similar suppliers.  Then ditch the category 3 vendors as quickly as you can manage without causing unacceptable disruption to the business.  Reward category 1 partners with longer-term deals and demand economies of scale, but keep them on their toes and avoid complacency.  For category 2 suppliers, do careful checks to make sure that security issues have been deal with. Don’t limit yourself to the immediate supplier.  Are they outsourcing any aspects of the job? Where are they getting their raw materials – can quality and security be assured? Can you verify their stated production volumes of your product? If not, you risk “third shift” production of perfect copies of your branded goods. What does the supplier do with waste materials?  Where there’s muck there’s brass, as the old saying goes.  Diverted or stolen waste is often highly valuable and can be used to fake your products or as the starting material for something you don’t want your brand to be associated with. There are many ways to improve brand security by looking at existing processes and the above example is only a taster.  Turn over all the stones of your supply chain and you may be surprised what you find.  Once these process aspects have been addressed (or more likely in parallel) you also need to decide what new security step and features you are going to implement on the product or its packaging. In many industries, it is easier to modify packaging than product, therefore brand protection technologies have tended to focus on raising the barrier to counterfeiting by increasing packaging complexity in some way.  Think about packaging design aspects first – if you use an industry standard vaccine vial, or use bolts on your replacement part that anyone can source, you make the counterfeiters’ job easier. Physical Authentication To authenticate your product you need to demonstrate the presence or absence of key features versus a suspected fake.  These may be innate features such as a specific UV or infrared spectrum, or added security components such as marks, tracers or codes.  The most common approach over the last few years has been to add several layers of security technologies that are hard for a counterfeiter to replicate.  These may include overt (visible) features such as holograms and printed features, semi-covert features that are only seen with an inexpensive filter or similar, covert (hidden) features which require more sophisticated portable equipment, and forensic (deeply-hidden) components which require laboratory analysis.  The layering is important as any one feature is vulnerable on its own. Digital Authentication Physical technologies (generally those that give a “yes/no”, “real/fake” output) can be combined with digital authentication.  The latter generally relies on codes and the association of digital information with individual stock keeping units (SKUs), production batches or product units.  The familiar barcodes on most retail products are a form of digital authentication.  They are not especially secure (anyone with a photocopier can reproduce a standard barcode) but then that is not their primary function.  There are various traceability and serialisation initiatives being discussed for food, beverage, pharmaceuticals, spare parts, toys etc.  Some of these will be mandatory and the format varies between countries and between industries. Whether the systems involve 2D matrix codes or RFID, batch–level traceability or unit-level serialisation, they all require significant investment in management resources and capital.  Therefore, a key component of brand protection tactics must be to identify and plan for all such compliance obligations.  If a 2d code is needed on your packs, it will take you several years to get the system in place so start planning for it. Not all digital authentication methods require codes to be applied.  Some “fingerprinting” technologies use the randomness of innate or applied surface features to generate a unique digital signature for each pack. Online Activities Brand protection tactics should also involve identifying and shutting down the sales channels of counterfeiters and diverters where possible.  This may involve policing online activities related to your brand and closing down rogue websites in collaboration with search engines, auction sites and internet service providers. Enforcement This is an interesting area.  Intuitively, you would imagine that the best tactic is to pursue brand infringers and counterfeiters to the fullest extent of the law and to prosecute whenever possible.  However, there may be reasons not to do that and you need to be tactically aware.  For example, if you are required to disclose a secret, forensic security feature in order to win a court case, you have blown the cover for that product in all other markets.  Rightly or wrongly, brand owners may also choose to downplay a counterfeiting issue for broader commercial reasons.  Pharmaceutical companies, for example, have been noticeably reticent about their counterfeiting issues for fear of generating consumer uncertainty and undermining faith in the efficacy and quality of drugs. If the chosen tactic is to be proactive with law enforcement, then it is the brand owner’s responsibility to develop and provide the authentication tools needed to quickly differentiate between real and fake goods.  Support, both technical and manpower, is critical to getting law enforcement on the brand owner’s side. Communication This is the subject of a later post, but you need to give some thought to what you are going to tell the customer since the very act of adding visible brand protection is a brand statement.  You may choose to use hidden taggants only and not ask the consumer to verify the product, or you may decide to involve your users directly.  Often, the conversations which result from such openness can have commercial benefit in themselves. Strike a balance between complacency and paranoia.  Brand protection budgets are never as much as we would like but counterfeiters are not always as clever as we think.  Some authentication features have proven effective over a number of years but a wise brand owner should always have a plan B ready for the day when they fail (or even better have a planned upgrade process).  Typically, profit drives innovation in counterfeiting as in most areas of commerce.  High-profile, high-value, or fashionable brands will attract more imitation than common, “vanilla” products. Your tactics may include any or all of these themes.  There are many excellent vendors of security systems and technologies who can advise (and some poorly-qualified wannabes you should avoid, too.) Start with organisations like NASPO and the International Authentication Association for physical authentication and GS1 for serialisation and traceability standards.  As always, I would love to get your feedback and I would be happy to talk privately on any of these issues.  Please use the comment field below or the contact form for more detailed questions.
Continue Reading

DRASTIC Brand Protection Part 4: ‘S’ is for Strategy

In the fourth in this series of informal posts on the DRASTIC process for planning brand protection and anti-counterfeiting activities, I will take a look at strategy. Once you have gone through the prior parts of the DRASTIC process and Defined and Decided, conducted a Reality check, and Analysed all the information you can reasonably generate, you need to synthesise this information and develop a coherent plan. According to Wikipedia, : “How a battle is fought is a matter of tactics: the terms and conditions that it is fought on and whether it should be fought at all is a matter of strategy”  That statement also broadly fits in our context.  Strategy and tactics in brand protection are often confused, but they are sequential parts of the overall process.  Brand protection strategy is about more than just authentication features and enforcement initiatives. Every situation is different, and each brand owner and industry segment will have different starting points.  This post is not a strategy manual but simply  a discussion of some of the broad principles. I am happy to discuss these further in private or via the comments below. 1. Begin with the end in mind This is unashamedly a quote from “The 7 Habits of Highly Effective People” by Steven R. Covey.  It is as applicable to corporate development as it is to personal growth and describes perfectly the need for focus on the long-term to achieve high performance.  The strategy for protecting your products and brands needs to be clear about what the future benefit to the corporation and its customers is going to be.  Brand / product / consumer protection needs to be seamlessly integrated into the various other elements of corporate strategy, not bolted on as an afterthought.  Counterfeiters and diverters are competitors as well as criminals, so use the elements of competitive strategy to outwit them. 2. Include all relevant factors and inputs You may decide, on the basis of a cost-benefit analysis, that in certain parts of the business your strategy is to do nothing.  If you take this approach, make sure that all costs and benefits have been measured or at least estimated, to avoid a Pinto situation.  A brief recap for those who haven’t seen this case study: in the eighties Ford had an apparent problem with the fuel tank on its Pinto model, which was prone to explode in collisions.  The cost-benefit argument put forward at the time led Ford to conclude that it was almost three times more expensive to fix the problem than to live with it and pay the litigation. What they didn’t include in the equation was the brand damage caused by what customers perceived as a cold and calculating approach. Ford won the legal battle but arguably it was a Pyrrhic victory in broader terms.  With the increased transparency and immediacy of communication between customers thirty years later, I doubt any brand would respond similarly to such a known risk today. 3. Look at all the likely scenarios If the strategic goal is to reduce diversion between markets due to unauthorised distributor activity in the legitimate supply chain, then the tactics will vary from those of a brand owner who wants to prevent counterfeit products being passed off as his own. Someone whose main problem is cargo theft needs a different approach to a corporation who wants to prevent infringement of their brand online.  The brand protection plan therefore needs to have clear goals which link with the external risks. I would advocate involving one or two major, trusted international security vendors with cross-sectoral experience. Their anonymised insights from other customers and from other industries can be useful time-savers.  The unit costs of brand protection technologies are dramatically lower if two or three trusted partners are used globally and involved early. 4. Take geography into account Most brand owners with serious counterfeiting, diversion or infringement problems will have business operations in many geographical locations and multiple countries.  The logistics environment may therefore involve many different legal and regulatory frameworks. Don’t pick your strategy team solely from the pool of HQ execs.  Solutions designed by committee in a conference room in London or Los Angeles may not work in Lagos or Lima, so make sure that people who have to deal with the sharp end of the problem are involved in designing the solutions.  Local plant managers and country heads are usually very savvy operators who will have useful insights. 5. There is no supply chain any more The ability to source counterfeits of almost anything is now so widespread that I would argue that the linear supply chain is a thing of the past.  The true situation between brand owner and customer is now a supply web, with multiple potential connection points between legal and illicit trade and many ways for counterfeit, stolen, adulterated, expired or otherwise sub-standard products to enter the system.  The logistics mindset needs to shift in reaction to the new reality.  We can build strong barriers and high fences to stop unauthorised people using our private highway but it doesn’t stop them from driving to the same place by a different route. 6. Think of what to stop doing, as well as planning new initiatives This is obvious but sometimes lost in the enthusiasm for a techno-fix.  One of the simplest things that can be done to improve supply chain security is to reduce the number of suppliers.  This automatically reduces the number of nodes in the supply web, and reduces management complexity as a useful by-product.  Clearly, there is a balance between the requirements of disaster continuity, commercial flexibility and security.  Having only one supplier of any business-critical commodity, however reliable the partner is, is not a good idea.  But do you really need fifteen packaging suppliers in Brazil?   You may also choose not to enter certain markets at all, or to avoid exposing your most vulnerable products.  Don’t assume that the counterfeiters will make the same commercial decision.  Fake products are often found in markets where the official version is not sold. 7. Keep it simple This is strategy, not tactics, so keep the outputs simple, concise and focused on the big picture.  Strategy components could be as simple as “We will reduce the incidence of counterfeit versions of our products to below X%” or “We will invest in enhanced brand protection globally for products A, B & C immediately but will keep D, E, & F under close review” or “We will cease commercial activities in country Y” 8. Break strategy down into actionable areas Once the main points have been agreed, have sub-committees work on the tactics.  How are you going to achieve the aims you have set out. What are the budgets needed?  This area is the subject of the next post. As always, I would love to get your feedback and I would be happy to talk privately on any of these issues.  Please use the comment field below or the contact form for more detailed questions.
Continue Reading

DRASTIC Brand Protection Part 3: ‘A’ is for Analysis

Having examined Definition and Reality Check in the preceding posts, in part three of this series on the DRASTIC process for effective anti-counterfeiting and brand protection, we look in more detail at data types and what to do with them.  ‘A’ is for analysis. Hard evidence on counterfeiting, diversion, intellectual property violations and other brand-damaging criminal activity is difficult to come by.  But only by analysing what is happening right now, before you implement your plan, will you know in the future if your actions have improved the situation .  The analysis stage therefore assumes that in the reality check phase you have gathered all available information and tried to fill any large “don’t know” gaps. Don’t be too judgmental about the available data at this stage.  You are trying to build an overall SWOT picture of your supply chain. The image will be fuzzy and  incomplete, and one of the key outcomes may be simply an indication of where you need to look harder.  Useful information can come from a variety of sources: Ongoing enforcement activities: In-house security and cooperation with external law enforcement should both be tightly integrated with brand protection strategies.  Sounds glib and obvious, but amazingly it doesn’t always happen.  Where there is an investigation into an ongoing counterfeiting case, the information will likely be shared with the relevant people. But counterfeiting is often linked to theft and diversion, both of which frequently involve insiders.  Therefore, site security may get the first warning that there is a new supply chain threat.  Suspicious activity such as attempted intrusion or employees found in unauthorised zones should be reported. There should also be a mechanism for human resources to report any relevant disciplinary action or employee activity which, though not directly incriminating, could indicate a potential system vulnerability. All employees need to consider themselves a brand protection agent, and should be rewarded when they identify new threats. External agencies may also have useful information that they don’t know that you want.  If you only involve law enforcement when you really have to, the financial loss has already occurred and the brand may already be damaged.  Get used to thinking proactively about prevention.  In most countries, the police and customs will welcome extra resources, training and information from brand owners if it helps them to do their job better.  They are more likely to share information with brand owners whose representatives they have met personally. As with all networking, you need to build the rapport before you need it – don’t be the stranger when you want their help in a crisis. Mystery shopper activities and other market surveillance: The reality check phase should have generated useful information on what products are being counterfeited or diverted and in approximately what quantities.  Careful analysis of the products, their packaging and their sources can also often reveal how, where and when the illicit goods are being made as well as details of the criminal supply chain. Don’t assume that counterfeiters are either stupid or brilliant.  Go into each situation with an open mind and be guided by the data.  Industry sources: Many industries have trade associations, security syndicates or other groups which share confidential information between themselves on product security and counterfeiting issues.  Join these groups and play an active role.  Collective vigilance and collaborative enforcement is much more cost-effective than trying to play the Lone Ranger.  Customer-generated information: Customers, by definition, exist everywhere that you sell product.  Your customers are therefore your biggest security team, so listen to what they say.  Product returns and complaints may be due to a manufacturing fault or they may be evidence of fake product.  Your customer services team should therefore share data freely with your brand protection team.  Ideally, the brand protection people should also train customer services in what to look for and how to gather evidence.  As well as the formal channels, look for other information sources.  The great majority (over 90%) of dissatisfied people don’t make an actual complaint to the manufacturer, but they may tell all their friends about it.  Nowadays, they have plenty of tools to disseminate their irritation online in real time.  Analysing the “buzz”  about your brands on social media sites like Facebook and Twitter can provide an insight into potential problems – both quality and counterfeiting issues – which you need to know about.  There are various software programs which can automate this process – contact me for more information. Specialist data: In some fields, there may be other specialist datasets that are useful and relevant to brand protection.  In the pharmaceutical industry, for example, pharmacovigilance teams look for reports of side effects. These are normal and unexpected clinical events occur for all drugs to a greater or lesser extent.  However, if there is an unusual cluster of reports of bad reactions to the same drug then it could indicate the presence of sub-standard or fake drugs in the supply chain – but only if the right people get the data and the events are followed up appropriately. Once you have collated and analysed the raw data, you need to segment the problem across your markets and your products, to identify areas of high risk and areas of lower risk. A balanced scorecard approach or similar anaytical tool is usually helpful in framing the data in a robust way and assigning a score to each situation. There are many ways of doing this process – please get in touch if interested. Most of the problems and risks you identify during the analysis process will come from outside the organisation but others may stem from hitherto unidentified poor practices within your own supply chain. If you uncover any of these, take it a as gift rather than hiding it or brushing it under the carpet.  Better to realise that your back door is unlocked before your house is burgled. When data have been gathered, cleaned, sliced, diced and fully baked, it is time to use the information to create a coherent brand protection strategy.  That is the subject of the next post in the series.
Continue Reading

DRASTIC Brand Protection Part 2: ‘R’ is for Reality Check

This is the second in the series of more detailed posts outlining the DRASTIC process for planning and implementing  anti-counterfeiting and brand protection activities. The first post discussed the executive-level Definition and Decision point – the vital first step in establishing momentum. Once that internal buy-in has been achieved the next step is to look outside the corporation at the real world. ‘R’ is for Reality Check. As often pointed out by me and others, many of the publicly-quoted numbers on counterfeits are nonsense.  This is perhaps not surprising, since counterfeiters do not complete survey forms for national statistics offices or submit accounts to tax authorities.  They seek to disguise, not differentiate their products.  Many of the ‘statistics’ about counterfeiting are therefore not statistics but estimates and guesses. Poor or non-existent raw data is often extrapolated, disseminated and perpetuated. In truth, there is no meaningful single number that describes the prevalence of fakes in any given industry.  The frequency of counterfeits changes over time as well as spatially.  Since counterfeiters do not generally implement Six Sigma, Good Manufacturing Practice or any other meaningful standards,  the ‘quality’ of counterfeits can also vary widely even from the same source.  The situation is complex and fluid, but we should at least try to be as thorough as is practicable in our efforts to collect data.   The way to approach this issue is to ask yourself the question ‘Do I know what is really happening in my markets?’  If you have not measured counterfeiting and diversion as thoroughly and quantitatively as possible for all of your products then the answer is no.  These are very hard things to do, but they are necessary.  Even patchy hard data are more useful than supposition.  Like space exploration, the first fuzzy maps provide clues about where to send the next probes. One of the best ways to assess the scale and nature of counterfeits is to make test purchases.  This involves sending people to buy your branded products on your behalf and then checking the authenticity of those products.  It sounds simple but this is not a trivial exercise and must be planned and executed carefully.  Some companies therefore outsource this monitoring task to specialist companies.  If you decide to do it in-house, bear the following points in mind to ensure that the results are as statistically valid as possible:
  • Design and conduct the survey as scientifically and as systematically as possible to avoid bias
  • Look in unofficial markets and bazaars as well as shiny downtown stores
  • Check the backwaters as well as the big cities
  • Measure emerging countries as well as major economies
  • Do not tip off vendors about the purpose of your purchase
This last point is important.  Some well-meaning surveys have been criticised for methodological flaws that have probably alerted store owners to the true nature of the purchasing exercise.  This forewarning may therefore have skewed the results and resulted in a falsely low estimation of counterfeits.  To avoid tipping off the seller, sensible survey methodology is needed.  Sending foreigners to conduct the survey is clearly going to be a red flag, but so is asking a local agent to purchase six or seven unrelated products of the same brand at a single store.  Since there is a lot of profit to be made from fake products, those in the trade can be expected to defend their business – violently when necessary.  There are therefore real safety concerns in conducting ‘mystery shopper’ exercises in some locations and thorough risk assessments should always be conducted beforehand.  Survey staff should not be put in compromising positions.  This is not an activity for the untrained. Reality doesn’t stand still.  Shifts in your corporate strategy, business model or geographic emphasis should be accompanied by extra market surveillance.  In the pharmaceutical industry, for example, where much of the new growth is expected to come from emerging markets, a corresponding increase in vigilance against counterfeits is needed.  Law enforcement capacity in many emerging countries is simply not sufficient to police brand violations.  We need to build a strong set of data to combat the inevitable rise in counterfeits that will follow this increase in the use of internationally-branded drugs. The reality check may be painful and even embarassing at a corporate level.  There must be an amnesty on reporting bad news if the exercise is to be successful.  If you want people to continue to report real data, warts and all, it is no use punishing the manager of a local operating company when the survey results imply a much higher level of counterfeits on his patch than previously realised. Finally, do not assume tat all of the criminality is external to the organisation and its supply chain.  Insider involvement in counterfeiting and diversion is common, and may include local staff, distributors, suppliers, logistics providers etc. Systems should be designed to monitor product movement into, out of and within the supply chain.  In this regard, the increase in serialisation and traceability initiatives will provide a useful tool. All of the above activities are going to cost money and management time but in today’s globalised trade environment they are vital if brands are to protect their value and remain relevant to consumers.  If a competitor was stealing tw0/ten/twenty percent of your market share, you would allocate significant resources to finding out how and stopping it.  Counterfeiters (on a purely commercial level) are just particularly unscrupulous competitors.
Continue Reading

DRASTIC Brand Protection Part 1: ‘D’ is for Definition and Decision

After my earlier post on the DRASTIC framework for brand protection, the next few instalments will explain and expand each of the letters in the acronym.  The first element, and must-have component of any brand protection program, is definition and decision. Definition must be a clear and simple view of what the program is for.  Not the strategy or the tactics, which will come later in the process, but the one or two line statement that encapsulates what the brand owner is trying to achieve.  In the case of pharmaceuticals,  food, or other items which could cause direct harm, this statement should focus on safety.  If the welfare of the consumer is not the prime concern of a brand protection program then it is doomed to fail.  There is legitimate scope for other objectives such as revenue protection to be included as well as safety, but never instead of it.  To keep the right emphasis, it is usually helpful to view the problem as one of product protection rather than brand protection. Brand protection is useful shorthand but if taken too literally can lead to skewed emphasis. Product Protection vs. Brand Protection If we concentrate on ensuring that the product is protected, then we automatically put the consumer safety aspect centre-stage.  We aim to prevent the product itself from being tampered with, stolen, counterfeited or diverted. Product integrity leads to consumer safety.  If, however, we focus on brand protection, we are trying to prove that whatever caused the problem wasn’t to do with our brand or corporation.  The market may be flooded with dangerous fakes but a purely brand protection strategy seeks to prevent the bad attributes of those products from being associated with the genuine brand.  A product protection strategy seeks to prevent the public from being exposed to sub-standard versions of the branded product.  A subtle difference in emphasis but an important one. Once the aims have been defined, a clear and accountable decision must be made.  This needs to be made by the CEO or one of his direct reports, for several reasons. Firstly, this is a very serious corporate risk issue with potential major impact on consumer safety, brand reputation and stock price.  The last point alone conveys a fiduciary duty on executives to take product protection seriously to protect shareholders’ investments. Secondly, the integration of product protection runs across almost all of the disciplines in a corporation, from R&D to production to finance to sales and marketing.  Unless the edict comes down from the very top, turf wars and corporate politics will delay and sometimes even stall product protection programs.  Assigning middle managers to product protection roles without the clear and unequivocal backing of the C-suite will not work.  Finally, for a brand/product protection strategy to work well then money needs to be spent.  Some operational efficiencies often pop out when processes are examined carefully to improve supply chain security, but in general someone has to write large cheques.  The cost per unit may be small but multiplied over billions of units they mount up.  These funds should, wherever possible, come from a central budget source.  The surest way to generate internal resistance is to push the costs of implementation down to local operating companies or manufacturing plants.  These entities are often measured on their ability to cut operating costs, thus are incentivised in precisely the wrong direction in the context of product protection expenditure. The ‘D’ may seem the easiest component of the DRASTIC process, but it is surprising how often senior management support is patchy, vague or ill-informed.  Without a clear board-level discussion about product protection and a formal mandate (and funds) for subordinates to act, all the other steps are pointless.
Continue Reading

Brand Protection Calls for a DRASTIC Plan

Fake products abound in all industries today.  Despite the rising threat, brand owners have sometimes been caught off guard by counterfeiting and have allowed themselves to become defensive and reactive.  Some have perhaps viewed the problem as a law enforcement issue largely outside their control and therefore not amenable to normal management techniques.  But by viewing counterfeiters not just as criminals (which they are) but as competitors then we can start to think more strategically about how to combat their activities. Blue Sphere Health initially developed the DRASTIC* process as a thinking framework for corporate change initiatives. It works in a variety of settings where corporate big-ticket decisions have to be made and where there are no easy solutions.  It has specific applications in the design and realisation of brand protection activities, which have sometimes struggled to get the senior management facetime that they deserve.  If you are new to these issues, or just want a new perspective on the problem, here is our free guide to DRASTIC planning to help you avoid the potentially drastic consequences of inaction. If you like it, please use it or adapt it and leave me a comment below.  Tell others by tweeting it using the button above and join our Twitter twibe ‘SafeMedicines’. D = Definition (and Decision) First, you need to agree and formalise the business objectives of brand protection.  What is the scope and remit of the project? Make sure that the project has top-level buy-in, from the CEO downwards.  He or she is the person who will be on the evening news if people die after using counterfeit versions of your product, whether it is a vaccine, yoghurt drink or brake pad.  Brand protection has arguably not yet had a real BP moment, where the public has identified a problem with a specific corporation and a specific executive, and hammered them both, but it will probably happen.  R = Reality check Many of the public numbers on counterfeits are nonsense.  Poor or non-existent data is extrapolated, disseminated and then quoted as fact by people who should know better. Ask yourself the question ‘Do I know what is really happening in my markets?’  Have you measured counterfeiting and diversion as thoroughly and quantitatively as possible?  These are very hard things to do, but they are necessary. If a competitor was stealing ten percent of your market share, would you allocate significant resources to finding out how and stopping it? A = Analysis Gather and use all available data.  This may include information from enforcement activities, both in-house and in cooperation with external law enforcement organisations.  It may also include customer-generated information: returns, complaints, “buzz” on social media sites can all provide an insight into potential problems.  Monitor baseline data so that changes in profiles act as a warning to check for penetration of substandard or counterfeit product into the supply chain. Once you have analysed the data, you need to segment the problem across markets and products, to establish areas of high risk and areas of lower risk.  A balanced scorecard approach is usually helpful. S = Strategy Armed with the appropriate analysis of the available data, devise a balanced, proportionate plan of action.  Make sure that the product protection objectives are harmonised with the business objectives.  If you are worried that brand protection is going to cost money, you are right – it will.  But it is an investment not a sunk cost.  Penny pinching on anti-counterfeiting, anti-diversion and supply chain security measures is short-sighted.  Apply cost control measures by all means, but don’t view direct cost reduction as the only metric of success.  The indirect, downstream costs of inaction or inappropriate action will dwarf the direct, upstream costs of brand protection. T = Tactics Many companies make the mistake of skipping the steps above and jumping straight to this one, thinking that technology is the answer to brand protection problems.  This is a bad idea.  Sure, there are some great technologies available and practical solutions are needed but they must be built on a basis of knowledge, be part of a wider strategy and have the unequivocal support of top management.  Whatever technologies are chosen (contact me if you need more info on this) they should be ‘layered’.  That is, there should be more than one authentication technique available for each protected pack and these should complement each other so that if one is copied or compromised the other(s) will still allow verification of authenticity.  Never put all the brand eggs in one basket, however infallible and high-tech the receptacle looks and whatever the claims of the basket manufacturer. I = Implementation Often this is the neglected aspect in planning brand security programs.  As a general rule, most people are not comfortable with change.  This applies regardless of education level or nationality.  So don’t expect to be received as a long-lost brother when you tell the plant manager in Mexico that you plan to put new monitoring equipment on his line that will require downtime, revalidation, extra local costs etc.  The inertial drag of rolling out large authentication  or traceability programmes means that plans need to include appropriate time and resources to deal with issues that are nothing to do with brand protection. C = Communication (and Continuation) Clearly, there are occasions when silence is golden: deeply-hidden forensic security features should not be disclosed to anyone who does not have an urgent need to know.  These materials provide the last line of defence and are only used as a final resort if authenticity cannot be proved by other means.  However, in most other cases telling people is a good idea.  If the security feature is aimed at customs officials, pharmacists or other interested parties then produce a technical guide, leaflet or website where they can be educated about the need for brand protection and the nature of your investment in it.  If the feature is aimed at consumers then tell them what to look for! This seems ridiculously obvious, yet many brand owners put a visible feature on the product (perhaps to tick the box for liability reduction) but do not  tell their customers for fear of stirring up awkward questions about the safety and authenticity of the brand. C is also for continuation.  The DRASTIC process should be repeated at regular intervals to ensure that brand protection is appropriate for the market conditions, which change all the time. If you would like more information on how to implement DRASTIC, or on any other aspects of authentication and brand protection, don’t hesitate to get in touch. *DRASTIC process (c) Blue Sphere Health Ltd 2010
Continue Reading

Contact Us

Your Name (required)

Your Email (required)


Your Message

Pharmaceutical Anti-Counterfeiting

Combating the Real Danger from Fake Drugs has become a must-have primer on anti-counterfeiting and is widely used by drug companies, regulators and others. The book covers the legal, strategic and political issues as well as the technical counter-measures such as process control, digital serialisation and physical security.

Pharmaceutical Anti-Counterfeiting book