This week FDA released a Warning Letter* issued to a GMP vendor in India that points to a very important issue that all companies using vendors, specifically foreign vendors, should be aware of, namely, who is listed as the manufacturer on the Certificate of Analysis (COA). Is the vendor being truthful about its sub-vendors and are those sub-vendors also compliant with US regulations? A vendor is not allowed to mask the names of its sub-vendors on the COA. ICH Q7, Section 11.4, is very clear on this issue; the COA should list the “original” manufacturer and should be signed off by the QA personnel of the “original” manufacturer. In case, additional analysis has been carried out by a repacker or reprocessor, the COA should identify the repacker/reprocessor and reference the name of the original manufacturer. Also, if new certificates are issued by or on behalf of repackers/reprocessors, agents or brokers, these certificates should identify the lab that performed the analysis and contain a reference to the original manufacturer and to the original batch certificate. A copy of the original batch certificate should be attached. In an audit of Sal Pharma of India last year, FDA found that the Sal Pharma simply took the COAs released by its vendors and copy-pasted them on a new letter-head thereby attempting to hide the name of the vendors from its customers. By doing this Sal Pharma fraudulently declared itself to be the original manufacturer. Although this author was not involved in this audit, based on my experience working with foreign vendors, I can think of a few reasons Sal Pharma would do something like this. First, Sal Pharma likely did not want to tell its customers who the original manufacturer was to avoid its customers directly going to the said original manufacturer cutting out the middlemen. Second, the sub-vendors were not registered with the FDA and likely did not have proven compliance to US regulations. Sal Pharma had been through this issue a few years ago when in 2011 it was found in violation and issued a Warning Letter for shipping products to the US without registration with the FDA. So, it certainly was aware that all companies who manufacture products for shipment to the US must be registered with the FDA. Likely, Sal Pharma did not want its vendors to register with FDA and gain visibility to its customers. Third, and most critical, Sal Pharma likely suspected (or worse was aware) that its sub-vendors were not compliant with US regulations and did not want to shine a light on that. The customers of Sal Pharma probably audited the shiny facilities of Sal Pharma for compliance but were oblivious to the sub-vendors who were the actual manufacturers of the products received in the US. The most common reason for this is financial. Sal Pharma likely bought the API on the cheap and marked it up for sale in the US. So, what can all companies doing business with foreign vendors do to avoid such behavior? Do better due diligence, verify documents for authenticity, and insist on full disclosure. The irony of this ordeal for Sal Pharma is that its wounds are self-inflicted and come from ignorance of US laws. If Sal Pharma wanted to avoid telling its business secrets to its customers, it could have easily done it by disclosing full information in its DMF and issued an abbreviated COA to its customers. But creating fake documents is definitely a big NO.
[*For some explained reason, the Warning Letter was removed from FDA’s website while this article was being written. No reasons provided by the FDA. However, the contents of the above Warning Letter were widely available at other outlets]
