Sun, Apr
7 New Articles

Harmonizing Bayer’s Compliance Regionally

CEEIHM Issue 1.2.
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

When he was promoted this May to Regional Legal & Compliance Operations Europe, Middle East, Africa at Bayer, Krzysztof Mazurek told CEE Legal Matters that his key objectives in his new position would be ensuring efficient support for the business “using above-country expertise and working with HQ and local legal & compliance colleagues so that the global solutions and service delivery models fit local markets and business needs.

When he was promoted this May to Regional Legal & Compliance Operations Europe, Middle East, Africa at Bayer, Krzysztof Mazurek told CEE Legal Matters that his key objectives in his new position would be ensuring efficient support for the business “using above-country expertise and working with HQ and local legal & compliance colleagues so that the global solutions and service delivery models fit local markets and business needs.”

And he hit the ground running doing just that – Mazurek is currently working hard on harmonizing compliance procedures for Bayer across the EMEA region and making them operationally sustainable. Mazurek is part of Bayer´s Global Compliance and Data Privacy Team, with two other regional centers responsible for operations in Asia Pacific and Latin America and Canada. “We all collaborate – Global Compliance and Data Privacy, Project Leads, Process Designers and regional teams – to make this global transformation of Bayer´s compliance and privacy operations a reality,” he explains. 

“The process is about half of the way through,” Mazurek says. “The idea is to take certain business processes where there is strong compliance involvement, like instances where our company interacts with healthcare professionals, and to streamline the respective compliance processes.”

He describes the company’s endeavor as a desire to establish standardized, high-quality processes for approvals and compliance checks with cross-border parameters harmonized for multiple jurisdictions whenever possible. “For example, if there is a policy on giving gifts to healthcare professionals – there are situations in which this would usually be acceptable, such as during a global congress, and those in which it would not, such as in a doctor’s office,” Mazurek says. “We set out to map all of the acceptable occasions in which this is okay in the European Union, and came up with approximately 40 such instances.” He says that, out of the entire 40, there are, in fact, just “15 or 16 distinct situations – all of the other ones are just repetitions of the same situation using different words, such as scientific congress, educational congress, differentiating symposiums and conferences, and the like.”

Mazurek says that his team worked to draft a proposal for simplified terms and conditions of behavior for these activities in order to “allow businesses to navigate these waters more easily.”

What Sparked the Process? 

The origins of the idea for such an ambitious endeavor were not sparked by a single event, Mazurek says, but were rather a “natural next step, given the complexity of an organization the size of Bayer.” He says that this was a combination of the company’s desire to be faster and more dynamic in their approach to compliance, all while maintaining financial efficiency.

“It is very important to us to keep the compliant handling of business as easy as possible,” he says. With very complex rules, doing business is hard and there is not enough room to “be entrepreneurial and agile in making decisions – not if you have to constantly consult multiple lawyers or compliance professionals at every step of the way. So we seek to provide a simple, cost-efficient, streamlined approach, and provide clarity to the business and allow easier management from a process perspective.”

Mazurek says that, in the past, corporate headquarters would provide compliance with “certain parameters and principles that would have to be operationalized on a national level. Like in the previous example of giving gifts – each country would have its own local gift policy with compliance rules pertaining to this business activity” Unsurprisingly, though, “90% of these compliance rules are the same, because corporate HQ would be providing us with the same principles – so we figured that, as opposed to doing this in each country, it would be more prudent to detect a pattern for a process compliance.” He feels that the overlap of similar regulation in the EU is very high, especially in those areas that have common and similar legislation, like the pharma sector.

“The differences that do exist, the 10% where things are not the same, are granular as well and, by definition, complex – so you have to manage them directly and with more attention,” Mazurek continues. “A regional organization for certain country processes that overlap could elevate these processes to a regional level and simplify them, creating more room for efficient harmonization in approach.”

Measuring Success 

Of course, managing such a complex process spanning a large number of jurisdictions warrants a well-thought-out set of indicators to allow for its success to be measured. “We have complicated and complex key performance indicators to allow us to benchmark the process,” Mazurek says.

One of the primary KPIs Bayer uses is, unsurprisingly, financial. “This means that certain country-level spending would be redirected to the region, but it is for the best,” he says, because this means the creation of global standardized processes “that could then be used in those countries as well, thus leading to more harmonization and cost efficiencies.”

Second, Mazurek says that the amount of approvals generated automatically is expected to be high. “If 80% of the process can be completed automatically, say by comparing gift country value ranges to requestor inputs – you don’t need a lawyer checking every single minute every detail.” 

Third, a monitoring parameter would exist. “We would like to be able to both mechanize and automate certain things, but this of course comes at a risk,” Mazurek says, adding that people can get too relaxed when processes are automated. “One cannot be overly confident when it comes to mechanization so we enable periodic checks of random samples to see if things are coming along as planned.” This is not an easy task for a company the size of Bayer, he says, but the benefits impact all the sectors the company operates in.

Most in-house legal departments do not employ the kinds of individual time-tracking tools so common in law firms. Instead, Mazurek says that process data is collected via interviews with local compliance team members. “In many of the countries, we operate in a highly-organized manner that allows us to quantify local data, see how many steps are needed in an activity, how many activities comprise a full process, and how many processes constitute a workflow.”

“In any event, we allow ourselves a buffer of about six months for processes like this, to be able to analyze them fully and see what the turnaround time is, what the level of complexity is, if it can be automated, etc.” Mazurek says. The end goal is to understand each process better and to be able to see how much time it takes, what exceptions exist, how often they appear, and how long a time it takes for a red flag to appear. “We want to generate as much as data as possible and then apply things like big data analytics and machine learning to be able to manage our resources even better – see which areas require further training, compare automation rates between the countries, and come up with harmonized norms.”

Expectations for the Future

Coordinating an operation this large and sorting through mountains of data is not easy, but Mazurek says that they “have gotten very lucky, because of being able to use the expertise of Bayer Shared Service Centre Delivery Network” – a global network of Bayer services centers which provide business support for the company´s network worldwide. “The SSCDN has the necessary experience in bringing services from a dispersed, granular, country level to a harmonized, regional, or even global level – and we use the same methodology as they do,” he says.

First, together with the Global Project Team and process designers, we document a process, taking into account the scope of compliance local rules and regulations placed on it – just to map things out and try to understand what it is that we’re doing,” Mazurek begins. Understanding where a requirement is coming from and what tools exist at their disposal allows for painting a landscape against the backdrop of which the process can proceed. “From here, we determine if we can organize and harmonize over multiple markets. To use the gift example again – to see if the regulations are similar in cases of gifting samples, sponsorships, services agreements, and the like.” 

After that, Mazurek says that a global blueprint is designed as a “sort of a universal formula we believe should work in every country. We then get cross-jurisdictional feedback and draw conclusions.” Often, he says, the conclusion is that there is a significant overlap between the countries with certain small deviations. “With this global blueprint and the deviations, we start designing and building the workflow, and with the support of SSCDN process engineers, we translate this into an IT flow, which we then roll out to a country for further feedback. After operational readiness, we apply special attention to this process – or HyperCare as we call it – for a period of two months and look for gaps and improvement needs in solution.”

The project has a two-year timeframe, and is currently being half-way, Mazurek says, noting that he expects it to “be done by the end of 2021.” According to him, “we wish to be quite thorough in our preparation so that we can deliver services to all of our businesses and ensure strict compliance.” Of course, two years is a long period, and local legislation can change, but Mazurek says that they’re on top of that as well. “We monitor these changes and input them into the model, this allows us to provide long-term services sustainability.”


Having such a complex and complicated process in place, which spans across many different jurisdictions, becomes ever-more complicated as the number of countries it seeks to cover grows.

“We would not want to put unnecessary roadblocks to our business – we simply enable the business to be compliant in a fast, efficient, and sustainable manner,” Mazurek stresses. “A country granularity is not long-term sustainable, he adds.”

For this reason, Mazurek says that it is crucial to bring the process down to a common level, applicable everywhere. “Bayer has a number of internal regulations and is part of global business organizations whose policies also require close attention. For example, even if it may be, on average, permitted to give gifts to physicians, we may opt not to do it at all, globally, so that we could have a harmonized approach and avoid pitfalls.”

The ultimate goal is to be able to use the data from the compliance requests from all countries and visualize it in such a way so as to determine the amount of leeway there is in each jurisdiction. “We would like to strike a balance and find those processes that are already largely harmonized and to try and harmonize those for which countries do not impose harsh requirements.”

Who is Leading the Charge?

The Project is led by the Global Compliance & Data Privacy Function. However, spearheading such a colossal project requires a wider area of expertise, which Mazurek feels also necessitates a level of interdisciplinary knowledge.

“On the one hand, you have lawyers and compliance professionals who are highly intelligent and flexible thinkers, but who may have difficulties designing processes and building workflows,” he says. On the other hand, it is critical to engage engineers who are “more adept at algorithmic thinking. We benefit from a great legal and compliance department that knows the legal frameworks inside and out and we try to create a synergy between it and our analytical engineers.”

Mazurek says that this mix, of legal, compliance, data privacy, and engineering, hits the sweet spot when it comes to project leadership. “As long as this collaboration exists, it does not matter who is in charge – the user will see the result in terms of useful advice provided, templates generated, inputs given, etc.” 


“One overarching experience from working on a project such as this is that it breaks the stereotype about countries pushing back on the idea of similar frameworks and touting their uniqueness,” Mazurek says warmly. “Oftentimes, countries tend to portray their regulatory framework as special and different, but in my experience – especially in jurisdictions such as those in the EU – the more the overlap the more the readiness to accept it.”

Mazurek also describes himself as having been “pleasantly surprised,” when he joined the project, to find and meet people who are passionate about the processes. “Coming from law firms in which everything is so country-specific and narrowly focused – here there is so much passion about the regional and global processes in all jurisdictions. This is an amazing feeling and the team surprised me greatly,” he says, emphatically.

Finally, to any newcomers seeking to try their hand in international compliance and data privacy harmonization, Mazurek says “be brave and be open – there is a lot in common between the countries, but at the same time, do not underestimate the differences, even when they are minuscule. To draw an amusing parallel: humans and chimpanzees share about 99% of their genome – but what a huge difference just 1% makes!” He says that it is absolutely imperative to devote ample time to country sessions and feedback rounds and to ensure enough time and energy focus on the differences between jurisdictions. “It’s easy to focus on the overlap because that part is harmonizable instinctively and draws attention first, naturally, but one must not forget that it does not make the whole picture.” Mazurek emphasizes that having strong relationships with local teams is as valuable as checking the laws and requirements against the desired harmonization process. “It may seem difficult, but it will come into place. Give yourself sufficient time.”

This article was published in issue 1.2 of CEE In-House Matters. The full edition is available here in pdf format, here in e-reader format, and here in electronic format.

Our Latest Issue