Risk as a catalyst: PwC’s Tiffany Gallagher on healthcare compliance innovation

In recent years, technological solutions have revolutionized compliance in the healthcare and life sciences industries. Once seen as an onerous cost center, compliance technology solutions are now being integrated across divisions to serve as a potent business facilitator.

Tiffany Gallagher, US Health Industries Risk & Regulatory Leader at PwC, spoke to me about how life sciences industries are using emerging tools to make their compliance programs more efficient, proactive and streamlined.

As technology becomes more efficient and complex, so too will the expectations of regulators, Gallagher said. She highlighted the changing role of compliance officers in a post-AI world, where their responsibilities are increasingly intertwined with supply chain, research, and IT functions.

Our conversation touched on the use of AI-enabled analytical models, compliance function outsourcing and internal collaboration, and why one should view risk as a catalyst for innovation.

New technologies

Gallagher said: “Pharmaceutical and med tech companies are shifting compliance from a reactive cost center to a strategic business enabler by embracing advanced technologies and innovative operating models.

“This transformation is enhancing risk management, driving operational efficiency and embedding compliance into the core of business strategy.
Digital tools, automation and data analytics are enabling compliance teams to anticipate and mitigate risks earlier in the process.

“Predictive analytics support smarter decision-making, while automation reduces manual work and errors – freeing up resources for higher-value strategic initiatives.”

Outsourcing and collaboration

“Innovative operating models, including outsourcing and agile frameworks, are helping organizations respond faster to regulatory change and scale their compliance functions more effectively. Cross-functional collaboration is also breaking down silos and embedding compliance across all areas of the business,” Gallagher noted.

These advancements are delivering real results, such as:

Improved regulatory readiness, with the ability to adapt to global requirements in real time.
Stronger organizational resilience, particularly during market and regulatory disruptions.
Increased trust from stakeholders and regulators, which helps differentiate in a crowded market.

By integrating technology and new models, companies are positioning compliance to support long-term growth, innovation and competitive advantage.

“As compliance grows more complex, companies are outsourcing operationally intensive areas such as global spend transparency, healthcare professional (HCP) engagement management, monitoring and analytics, investigations and risk assessments. These areas demand precision, scale and specialized expertise, making them ideal candidates for outsourcing.,” she said.

Outsourcing also enables organizations to reduce internal workload, manage global regulatory complexity and access cutting-edge tools and talent without the overhead,” Gallagher stated. For example:

Transparency reporting benefits from AI-enabled data validation, expert reviews and automated audit-ready reporting across jurisdictions.
HCP engagement is streamlined through centralized platforms that manage needs assessments, FMV, contracting and payments in a compliant, scalable way.
Monitoring and analytics deliver proactive insights through AI-powered transaction analysis, helping teams act before issues escalate.

Strategic benefits include:

Regulatory confidence, with continuous oversight and access to expert knowledge.
Operational efficiency, through standardized processes and automation.
Cost control, by avoiding the need for large in-house teams or legacy systems.

“Looking ahead, companies are increasingly adopting hybrid models; keeping high-risk areas in-house while outsourcing execution. This approach enhances compliance effectiveness while allowing internal teams to focus on strategy and oversight,” Gallagher highlighted.

From manual approvals to automatization

“Technology is central to modernizing compliance, shifting the function from manual and reactive to automated, integrated and strategic. Legacy compliance systems often relied on fragmented workflows, manual approvals and data silos, resulting in inefficiencies and increased risk,” said Gallagher.

“Today, automation, cloud-based platforms and real-time data analytics are streamlining compliance operations. These tools reduce administrative burdens, enhance audit readiness and lower the risk of human error. With structured digital records, organizations can respond faster to regulatory inquiries and scale compliance efforts more cost-effectively.

“There’s a shift from risk avoidance to risk agility – viewing risk not as a constraint, but as a catalyst for innovation when managed proactively.”
Tiffany Gallagher, US Health Industries Risk & Regulatory Leader at PwC

“AI and machine learning are elevating risk management by enabling predictive insights and smarter decision-making. Risk models evolve based on real-time data, helping teams detect issues earlier and tailor interventions before problems escalate.

“Additionally, integrated compliance platforms eliminate redundant approvals and disjointed communications, creating seamless, user-friendly workflows that improve both internal efficiency and external stakeholder experience.

“As a result, compliance is no longer a regulatory checkbox – it’s a source of insight, agility and value. Technology allows teams to shift from transactional work to strategic advisory roles, helping the business innovate while staying compliant,” she noted.

Changing compliance roles

“To fully leverage these tools, compliance professionals are developing new skills in data analytics, AI governance and digital operations. Organizations are investing in upskilling programs to help teams extract value from technology and lead transformation efforts.”

Regulators are raising the bar, expecting companies to adopt advanced technologies to manage risk more effectively. So compliance teams must demonstrate that they can proactively identify and mitigate risks – using the tools available to them – to meet heightened expectations.

“By embracing this shift, compliance functions can move from reactive oversight to business enablement – contributing directly to resilience, innovation and long-term value,” Gallagher observed.

Managing third-party risk

“Managing third-party risk is a growing priority as companies expand their global networks and face increasing scrutiny,” Gallagher said. “To keep pace, organizations are combining technology with external expertise to build more scalable, proactive risk management programs.

“Automation and embedded controls are streamlining third-party due diligence, while AI and advanced analytics are enabling real-time risk monitoring and trend detection. This allows companies to focus on high-priority issues and reduce manual oversight burdens. At the same time, external partners bring market intelligence, regulatory updates and benchmarking data that strengthen audits, enhance risk scoring and improve oversight of vendors and distributors.

“Together, these capabilities support more agile, data-driven third-party risk management. Companies can continuously assess, monitor and respond to evolving risks – improving compliance outcomes, strengthening stakeholder confidence and maintaining operational integrity across complex supply chains,” she stated.

Changes to risk management

“In response to rising complexity, companies are adopting a more dynamic, integrated approach to risk. There’s a shift from risk avoidance to risk agility – viewing risk not as a constraint, but as a catalyst for innovation when managed proactively.

“Real-time risk sensing, scenario modeling and AI-driven dashboards are replacing static assessments. Cross-functional teams – spanning compliance, legal, supply chain and IT – are working together to monitor risks continuously and respond to issues in real time.

“Enterprise risk functions are becoming more unified, supported by shared data, common taxonomies and enterprise GRC platforms that span functions and geographies. Environmental, social, and governance (ESG) issues and cybersecurity matters are now core to the risk framework, particularly given the rise of digital health and AI-driven R&D,” Gallagher said.

“There’s also a move toward outcome-focused risk strategies – measuring success not by the number of controls in place, but by the speed and effectiveness of risk response, impact on patient safety and alignment with innovation goals.

“Companies that embrace this transformation are better positioned to navigate uncertainty, seize opportunity and build resilient, future-ready organizations,” she added.

Topics

Latest News

Federal court orders Bank of America to pay FDIC $540m

Attorneys Kudman and Posner on strategies to detect and deter healthcare fraud

16 firms rebuffed by SEC in bid to revisit off-channel comms settlements

Topics

Latest News

Updated UK Modern Slavery Act guidance published

The CAT is in danger, says Barron’s

Pharma watch: Delayed vaccine decisions, insulin price lawsuit, drug cap win

Topics

Latest News

Second SEC roundtable explores regulatory pathways for crypto trading

Home Office consults on measures to tackle ransomware

US regulators shift stance in turning point for crypto policy

Topics

Latest News

Podcast: LSEG's Anna Rosenberg contemplates the regulatory road ahead

GRIP Extra: DHS investigates ex-CISA director Krebs, Atkins in as SEC chair

SIFMA C&L 2025 Recap: The future of US state regulation