Regulatory affairs is more than a support function - and should report directly to your CEO
There's a well known principle in organisational design: authority and accountability should be aligned. If you hold someone responsible for an outcome, they need genuine control over the inputs that determine it. In medtech, do we really give regulatory affairs organisational authority that is aligned with its influence and criticality?
Accountability without authority
Consider what we ask of regulatory affairs in practice. We hold it accountable for submission quality, for regulatory outcomes, for the integrity of the technical file. And then we make it dependent on a variety of upstream teams for the quality of input documentation. Did R&D keep the intended use consistent through their documentation? Did manufacturing cross all the t’s and dot the i’s in the process validations? The departments that feed documentation into RA have their own priorities, timelines, and definitions of “good enough”. Regulatory affairs inherits whatever they produce, often late, and is expected to turn it into something a competent authority will approve.
The practical consequence is that RA functions spend a disproportionate amount of their capacity compensating for upstream gaps – correcting technical inconsistencies, locating lost documentation, getting re-approvals, closing gaps in compliance to standards that other subject matter experts should be aware of – the list goes on. This is not regulatory strategy. It is remediation work, and it crowds out the activities where RA actually creates value: planning and strategy, advising departments on compliance for a target submission, market sequencing decisions, catching errors before they’re in front of authorities, and detecting changes in the regulatory landscape. Most RA teams I've encountered are aware of this gap between what they could contribute and what they actually spend their time on. The organisational design is the constraint, not the capability.
We’ve been here before – with finance
This isn't a new problem in business. The CFO role offers a useful parallel — one that played out over decades. Finance was historically a back-office function: bookkeeping, reporting, transactional processing, largely invisible to strategy. The repositioning of finance as a strategic function, with the CFO as a board-level voice on capital allocation and commercial risk, didn't happen because accountants suddenly became more capable. It happened because organisations recognised that financial discipline was a source of competitive advantage, not just a compliance requirement. Deloitte's Four Faces of the CFO framework maps the CFO's evolution from steward and operator to catalyst and strategist.¹ The question for medtech leadership is whether the same repositioning logic applies to regulatory affairs — and I'd argue it does, with some urgency, given that the post-MDR regulatory environment is materially more demanding than the one most of these organisational structures were designed for.
The reporting line is a signal, not a solution
If regulatory affairs reports through an operations, R&D or combined quality & regulatory leader, it has been structurally positioned as a technical support function. An RA leader who reports directly to the CEO, or sits on the executive committee, is positioned as a strategic voice. But the reporting line is only meaningful if it's accompanied by a shift in the dynamics within the organisation. Other teams such as R&D, manufacturing and quality assurance need to recognise the impact of their outputs; else RA will still spend it’s time remediating documentation.
The harder change is therefore cultural, which is to say it is a leadership problem rather than an org chart problem. It requires the CEO and the board to treat regulatory strategy as a strategic variable — something that shapes which markets to enter, in which sequence, with which product configurations — rather than a downstream execution task that becomes visible only when something goes wrong. In most medtech firms, regulatory becomes a board-level topic only when the ability to sell products is under threat. At that point, it’s too late for regulatory leaders to help the executive team build an informative understanding of the regulatory environment and influence decisions.
What execs can do
My take-home message is this: Review your reporting lines. Ask honestly whether the seniority and access afforded to your RA function reflects its commercial significance. Then look beyond the org chart: are your R&D, manufacturing, and clinical teams trained to understand their regulatory obligations, and the cost when they aren't met? Every hour your RA team spends correcting someone else's documentation is an hour not spent on the strategic activity that protects your market access, enables geographic expansion, and keeps your pipeline moving. That is not a compliance problem. It is a business performance problem — and the executives who recognise this quickly will gain competitive advantage by connecting their business strategy with the team that has the greatest influence over market access: regulatory affairs.
¹ Deloitte, The Four Faces of the CFO, Deloitte CFO Program, 2010. Available at: https://www.deloitte.com/us/en/programs/chief-financial-officer/articles/gx-cfo-role-responsibilities-organization-steward-operator-catalyst-strategist.html