Able Laboratories Fraud Case: What Have We Learnt?

Twenty years ago, the fraud at Able Laboratories was uncovered. A chromatography data system (CDS) was at the center of the fraud. What have regulated laboratories learnt since then?

Ever wondered why you cannot use paper printouts from a chromatography data system (CDS) as your good practice (GXP) record? Do you get square eyes reviewing your CDS data audit trail entries on screen? Do you like auditors and inspectors crawling over your e-records?

You have the happy campers of Able Laboratories to thank for your thankless electronic tasks. Able had passed several FDA Pre-Approval Inspections (PAIs) before the industrial-scale data falsification was discovered. On 2 May 2005, four FDA inspectors dropped in for a cozy chat and finished on 1 July after 29 inspection days (!!!) with a 483 form with 12 observations (1). In addition, all Able’s product licenses were revoked, resulting in a recall of 3184 product batches.

The fraud focused on a CDS with an audit trail that was enabled during installation and could not be disabled. This allowed the inspectors to follow the data manipulation.

Twenty years after this case, what have we learnt? Why do we continue to see citations involving manipulated, deleted, or falsified chromatographic data?

The Mists of Time

Able Laboratories, a New Jersey generic pharmaceutical company, was capitalized at $100 million in May 2005. In October it was bankrupt (disabled?). Why? The root cause was senior management. Their approach to quality was each batch will pass—or you’re fired. This is Cressy’s fraud triangle in action (2). A mixture of management pressure, carte blanche opportunity, and the desire to keep their jobs meant that analysts falsified analytical data.

This was compounded by FDA inspections, which focused on paper records and not the underlying CDS e-records. The paper records appeared adequate and therefore Able passed PAI for many products.

FDA did not discover the fraud.

A whistleblower triggered a for cause inspection and the rest is history. This resulted in significant ramifications for all regulated laboratories, software suppliers, and regulatory authorities. We start by looking at the 483 observations.

Rock Around the Regulatory Clock

The 12 observations in the 483 (1) are presented in Figure 1, together with the department responsible for the citation:

• Quality control (5)
• QC and QA (4)
• Quality assurance (2)
• Production (1)

This inspection occurred before the development of pharmaceutical quality systems (PQS) started by FDA ended with ICH Q10 (3). The problem with 21 CFR 211 is that there is no mention of senior management (4) ,who are ultimately responsible for the establishment of a PQS.

We will focus only on the chromatography-related citations here, and observation 1 is the most significant.

Chromatography-Related Citations

Observation 1: The QC unit lacked authority to investigate errors. There are two main elements to this citation.

1. The Quality Unit and Senior Management failed to assure that all drug products distributed have the safety, identity, quality, and purity that they are represented to possess.
   This is damning and places the blame on senior management. As regulatory guidances (5–8), scientific bodies (9–12), and other publications (13,14) make crystal clear, data integrity and data governance starts and ends with senior management. Management must empower the quality unit (QU) to have oversight of quality control (QC) activities. At Able, the QU was non-existent as the overriding management directive was to release batches regardless of the consequences to product quality, data integrity, or patient safety.
2. The Quality Unit failed to review electronic data as part of batch release; review computer audit trails in the CDS; and provide adequate training to analytical chemists. These practices lead to the Quality Unit releasing batches of drug products which failed to meet in-process, finished product, and stability specifications.
   This is an example of how regulations evolve and is an example of current in CGMP. Current requires companies to use technologies that are up to date to comply with GMP, or that existing regulations are re-interpreted to match today’s practices. US GMP has no mention of audit trail. Starting with Able, FDA have interpreted 21 CFR 211.194(a)(8) for second person review, which states…original records have been reviewed for accuracy, completeness, and compliance with established standards (4) to include CDS electronic records, including the applicable audit trail entries.

This is the first citation requiring review of audit trail entries and is an enduring legacy of Able. Aren’t you lucky?

Observation 2: Products Failing Specifications Were Not Rejected or Investigated.

Samples were routinely resampled, reinjected, or reprocessed when OOS results were obtained. This is similar to Barr Laboratories (15), which resulted in the FDA out-of-specification (OOS) guidance documents discussed with Observation 6 under Observation 11.

The CDS helped the inspectors identify the falsification by reviewing audit trail entries of changes. One atenolol dissolution result was 30.9% vs. a specification of not less than (NLT)90%. Obviously, OOS and would trigger an investigation. Not at (Un)Able! A little manipulation and the result was 102.8%. Pass! Read the 483 to see more results that were falsified to pass (1).

Observation 5: Laboratory Records Do Not Include Complete Data.

This observation is an extension of the two above and a contravention of 21 CFR 211.194(a) requiring complete data (4):

The QC laboratory notebooks…lacked data from all analytical testing conducted…records did not include all data…

OOS results were substituted with passing results by Analysts and Supervisors. …performed by cutting and pasting of chromatograms, substituting vials, changing sample weights, and changing processing methods.

…Unreported OOS results were found in electronic data files.

Original sample weights not recorded in notebooks. Sample weights were changed by the analyst (in the sequence file) until a passing result was obtained … (a novel titration method!!).

This is a critical data integrity (DI)deficiency as the company was engaged in fraud (8).

Peak integration has been the subject of three past “Questions of Quality” columns (16–18). If baselines are changed for a validated assay method, you can argue that it is uncontrolled. Impurity testing is different as peaks may be above the limit of quantitation. However, you must have a standard operating procedure (SOP) that states where and when an analyst cannot reintegrate or reprocess chromatograms.

Able was different in that there was a regime dedicated to passing material regardless of results. There is an argument that we should rely on staff ethics and integrity, but not at “Unable”. A quality culture was totally absent.

Observation 6: Input and Output from the Computer are Not Checked for Accuracy.

GMP 211.68(b) requires that inputs and outputs from a computer system are checked for accuracy (4). During second person review, there is also an explicit requirement to check for accuracy and completeness (21 CFR Part 211.194[a] [8]) (4). This is performed by an independent QC analyst. Quality assurance (QA) oversight is required in 211.192. In many organizations, QA staff have minimal expertise to review electronic records and are quite content to review the signed paper output from a computerized system. Able did not conduct QA CDS audits (1) as:

“Sample injections, processing methods and sample weights were not reviewed or verified for accuracy of reported sample results during testing of samples from in-process, product and stability samples.”

This violates PIC/S-041 sections 9.6-1 and 9.8.1 (8). Review of CDS e-records, not paper printouts, is the expectation. Does QA have these oversight skills?

Observation 11: Established laboratory control mechanisms are not followed.

This observation deals with OOS investigations.

… b. SOP … Retesting and Resampling … was not followed … (1)

There was no documentation of the number of retests to be performed… to establish a definite limit beyond which no additional testing would be permitted.
 … retests to be conducted by the original chemist and a second chemist…retest conducted…neither of which being the chemist producing the original result.

In 2005, there was only a draft OOS guidance that had been issued in 1996 following the Barr ruling and that would not be finalized until the following year (19) and updated in 2022 (20).

Rule number 1: You must have a scientifically sound and compliant SOP for regulated work. Rule number 2: Follow it!

Able’s Response to the 483

Able’s response was interesting, they posted the unredacted 483 on their web site. Able asked FDA to skip the traditional warning letter and go to a consent decree instead. FDA’s response was probably unprintable.

As shown in Figure 2, the withdrawal of product licenses resulted in 500 staff being laid off, Able declaring bankruptcy, and by the end of 2005, the remaining assets had been sold to Sun Pharmaceuticals. Unfortunately, the curse of Able followed; Sun signed a consent decree in 2012 but violated it in 2023 (21).

Long Arm of the Law

There were legal ramifications of Able shown in Figure 2. In 2007, the US Department of Justice charged four employees:

The V.P. of quality assurance/quality control and regulatory affairs was charged with two offenses: conspiracy to commit securities fraud and to distribute misbranded and adulterated drugs. The securities fraud was based on manipulating Able’s stock price. The share price went from 55 cents in 2002 to a high of $26.50 in May 2005. He was jailed for 18 months and fined. (I have ignored the fraud cases brought by shareholders who lost money).

Three members of Able’s QC department (the laboratory manager, assistant manager, and group leader) were charged with conspiracy to distribute misbranded and adulterated drugs. There was no defense as FDA could show an avalanche of data fraud led by the three men. All three were put on probation for two years and fined.

The story does not end there; in 2012, FDA debarred the four men for five years from providing services in any capacity that has an approved or pending drug product application (22).

Another QC manager has a saga that extends over a decade. He initially pled not guilty to the charge of conspiracy to distribute but changed his plea to guilty. He was put on probation for two years and fined. When informed of possible debarment in 2012, he appealed, but in 2018 he was debarred for five years (23).

Look on the bright side, if you are debarred you get your own page in the Federal Register. How cool is that? In contrast, when a UK scientist was caught falsifying data by the UK regulator, he was banged up for three months (24). Even cooler (in the cooler)!

Impact on the FDA

PAIs are conducted according to Compliance Policy Guide (CPG) 7346.832: see Figure 2. Following Able, FDA completely revised the CPG and reissued it in 2010 with an effective date of May 2012 (25). This was to give them time to train all their inspectors in DI. There were three objectives:

• Objective 1: Readiness for Commercial Manufacture
• Objective 2: Conformance to the Application
• Objective 3: Data Integrity Audit

DI runs through all three objectives. The CPG was updated in 2019 (26), with a “Focus on Quality” column published to review the changes (27). Surprisingly, the CPG was updated again in 2022, adding Objective 4: Quality in Pharmaceutical Development (28) with another column (29). Note to self: Contact Tom Cruise to suggest Objective 4 as the subtitle of his next Mission Impossible film—a bit light on action but a sure-fire winner!

Data Integrity and CDS

We will review regulatory guidance documents issued (The Good) over the past 20 years and compare with the non-compliances discovered over time (The Bad and The Ugly).

The Good: The Empire Strikes Back

Since Able, there have been a tsunami of regulations, regulatory guidance, industry guidance, books, and articles. The left-hand column of Figure 3 shows the main regulatory guidance documents on the subject since 2010; the figure calls them guides because of a lack of space. I have not listed guides from industry bodies.

• Medicines and Healthcare products Regulatory Agency (MHRA) issued the two versions of a GMP DI guidance in 2015 (30,31). In 2018, there was an updated GXP guidance published (6). All versions define terms and expectations. There is an error defining raw data in the latest version that is inconsistent with the GLP regulations (32,33) and discussed in a “Focus on Quality” column (34).
• The World Health Organization (WHO) issued Guidance on Good Data and Record Management Practices in 2016 (5).This is superior to the 2021 update (35) as it contains the best explanation of ALCOA (-plus) principles in any regulatory document.
• FDA issued Circumstances that Constitute Delaying, Denying, Limiting, or Refusing a Drug or Device Inspection in 2014 (36) and updated in 2024 (37). Preventing FDA from inspecting an establishment means that all drug products are adulterated. Guidance on Data Integrity and Compliance with CGMP (7) had a late addition on the role of management as it is omitted from the GMP regulations (4).
• Pharmaceutical Inspection Convention/Pharmaceutical Inspection Cooperation Scheme (PIC/S) issued Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments in 2021 (8).
• New EU GMP regulations for Documentation – Chapter 4 (38) and Computerized Systems – Annex 11 (39) were updated in 2011 to enhance provisions for data integrity. Updates of both were released for public consultation in early July 2025 (40). Initial reading indicates that we are moving from interpretive to proscriptive regulations to ensure data integrity.

As we can see from Figure 3, there has been a steady stream of regulatory guidance documents issued by health authorities since Able came to light. How effective have they been?

The Bad and The Ugly: Chromatographic Falsification

Never assume malice when stupidity will suffice is tested here. Figure 3 shows the Bad and the Ugly based on my subjective classification. Able Labs, shredding GMP records or trucking them off-site, are Ugly compared with, say, shared user identities, which is Bad. However, all are non-compliances.

In the Ugly column is the 2012 Ranbaxy consent decree (41): a fine of $500 million, withdrawal of products with falsified data, and the establishment of the office of data integrity officer. The latter was tasked with interviewing current and past staff to identify perpetrators of data falsification. If a new drug application contains falsified data, there is a $3 million per data set fine up to $30 million, plus permanent withdrawal. Ask yourself the question—was falsification worth it?

This column has discussed Able Labs and various ways to falsify chromatography data since 2007 (16–18,42–49). Interestingly, 25% of FDA data integrity citations 2005–2017 involved peak integration (50).

Despite all the DI guidance documents, unethical people are inventing subtle ways to falsify data. The Bad column in Figure 3 shows some of the newer ways to hide unofficial testing or justify invalidating a run and restarting:

• Short or aborted runs—One or two injections to “just to see what the results look like.”
• Instrument failures—We have a problem, better repeat the work!
  Check the instrument log to see how each issue was recorded and resolved.
• If system suitability test (SST) injections are out of acceptance limits, invalidate the whole run! This takes advantage of the FDA’s allowance in the OOS guidance (19,20) that permits this. Ensure you check the peak integration throughout a run as there may be subtle changes in integration of the SSTs and not the samples (18). As chromatography is a comparative technique, all samples must be integrated the same way.
• One warning letter cited: The quality control manager directed employees to stand shoulder ­to ­shoulder, barring our investigator from accessing portions of the laboratory and the equipment used to analyze drugs for U.S. distribution (51).

These issues stem from poor ethics, laziness, a lack of understanding of regulations, and the belief that if something isn’t explicitly stated in the regulations, it doesn’t need to be done. More frightening is the willingness to subvert regulations until caught.

Where Are We Now?

Twenty years after Able, pharma should be ensuring the integrity of CDS data. However, in March and April 2025, FDA issued warning letters to International Laboratories Corporation (52) and Mentha & Allied Products Private Ltd (53) for DI violations. Key citations, including senior management responsibility for data falsification and analysts having the ability to delete records, time travel, and manipulate data, are shown in Table I.

Summary and Conclusion

Given the reams of published regulatory guidance, industry guidance documents, and published articles, you would think that there would be good chromatography compliance and fewer regulatory citations. In many companies, particularly the larger ones, this is the case. Compliance gaps have been closed and QA are on top of the situation with management support.

However, given the timeline in Figure 3, all that has changed in unethical companies is that falsification has morphed from the obvious into the subtle. Therefore, reviewers, auditors, and inspectors need to ensure that they examine the minutiae of chromatographic analysis where there is a suspicion of falsification. This starts at the top: senior management. If they are not onboard, your company is DI toast.

I asked the question: What have regulated laboratories learnt in the 20 years since the fraud at Able Laboratories?

Very little is the unfortunate answer and it is occasionally worse. The companies falling into the Bad and Ugly categories are making things worse for everyone. Industry comeuppance is evidenced in the draft versions of Annex 11 and Chapter 4: greatly expanded, more proscriptive, and onerous to implement (40). You reap what you sow.

Acknowledgments

I would like to thank, in alphabetical order, Monika Andraos, Brian Alliston, Chris Burgess, Mahboubeh Lotfinia, and Paul Smith for their helpful input and review comments during the preparation of this column.

References

1. FDA, Able Laboratories Form 483 Observations, 2005. https://www.fda.gov/media/70711/download (accessed 2025-08-13).
2. Cressey, D. R. Other People’s Money: A Study in the Social Psychology of Embezzlement; Free Press, 1953.
3. ICH, Q10 Pharmaceutical Quality System, International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (Geneva, 2008).
4. 21 CFR 211, Current Good Manufacturing Practice for Finished Pharmaceutical Products (FDA, Silver Spring, MD, 2008).
5. WHO, Technical Report Series No.996 Annex 5 Guidance on Good Data and Records Management Practice (World Health Organisation, 2016).
6. MHRA, GXP Data Integrity Guidance and Definitions (Medicines and Healthcare products Regulatory Agency, 2018).
7. FDA, Guidance for Industry Data Integrity and Compliance With Drug CGMP Questions and Answers (Silver Spring, MD, 2018).
8. PIC/S, PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (Geneva, 2021).
9. GAMP Guide Records and Data Integrity (International Society for Pharmaceutical Engineering; Tampa, FL, 2017).
10. GAMP Good Practice Guide: Data Integrity - Key Concepts (International Society for Pharmaceutical Engineering; Tampa, FL, 2018).
11. GAMP Good Practice Guide: Data Integrity by Design (International Society for Pharmaceutical Engineering; Tampa, FL, 2020).
12. Technical Report 80: Data Integrity Management System for Pharmaceutical Laboratories; Parenteral Drug Association (PDA), Bethesda, MD, 2018.
13. McDowall, R. D. Validation of Chromatography Data Systems: Ensuring Data Integrity, Meeting Business and Regulatory Requirements second ed.; Royal Society of Chemistry, 2017.
14. McDowall, R. D. Data Integrity and Data Governance: Practical Implementation in Regulated Laboratories; Royal Society of Chemistry, 2019.
15. FDA, Barr Laboratories: Court Decision Strengthens FDA’s Regulatory Power, 1993. https://www.fda.gov/Drugs/DevelopmentApprovalProcess/Manufacturing/ucm212214.htm (accessed 2025-08-13).
16. McDowall, R. D. Where Can I Draw the Line? LCGC Eur. 2015, 28 (6), 336–342.
17. Longden, H.; McDowall, R. D. Can We Continue to Draw the Line? LCGC Eur. 2019, 21 (12), 641–651.
18. McDowall, R. D. Ingenious Ways to Manipulate Peak Integration? LCGC Int. 2024, 1 (2), 20–26. DOI: 10.56530/lcgc.int.lb8988h2
19. FDA, Guidance for Industry Out of Specification Results (Rockville, MD, 2006).
20. FDA, Guidance for Industry, Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production (Silver Spring. MD, 2022).
21. FDA, Sun Pharmaceutical Industries Limited: Consent Decree Correspondence / Non-Compliance Letter (Silver Spring, MD, 2023).
22. Debarment notices for four Able Laboratories employees. Federal Register, 2012, 77 (66), 20636–20643.
23. Debarment notice for one Able Laboratories employee. Federal Register, 2018, 83 (188), 48828–48831.
24. Scientist Steven Eaton Jailed for Falsifying Drug Test Results. British Broadcasting Corporation, 2013. http://www.bbc.co.uk/news/uk-scotland-edinburgh-east-fife-22186220 (accessed 2025-08-13).
25. FDA, Compliance Program Guide CPG 7346.832 Pre-Approval Inspections (Silver Springs, MD, 2010).
26. FDA, Compliance Program Guide CPG 7346.832 Pre-Approval Inspections (Silver Spring, MD, 2019).
27. McDowall, R. D. Do You Understand the FDA’s Updated Approach to Pre-Approval Inspections? Spectroscopy2019, 34 (12), 14–19.
28. FDA, Compliance Program Guide CPG 7346.832Pre-Approval Inspections (Silver Spring, MD, 2022).
29. McDowall, R. D. Guess Who’s Coming to Inspect R&D? Spectroscopy 2023, 38 (9), 6–10. DOI: 10.56530/spectroscopy.cv2490n6
30. MHRA, GMP Data Integrity Definitions and Guidance for Industry 1st Edition. 1st ed. (Medicines and Healthcare products Regulatory Agency, 2015).
31. MHRA, GMP Data Integrity Definitions and Guidance for Industry 2nd Edition. 2nd ed. (Medicines and Healthcare products Regulatory Agency, 2015).
32. 21 CFR 58, Good Laboratory Practice for Non-Clinical Laboratory Studies (FDA, Washington, DC, 1978).
33. OECD, Series on Principles of Good Laboratory Practice and Compliance Monitoring Number 1, OECD Principles on Good Laboratory Practice (Organisation for Economic Co-operation and Development, 1998).
34. McDowall, R. D. Quo Vadis Raw Data? Spectroscopy 2018, 33 (12), 8–11.
35. WHO, Technical Report Series 1033, Annex 4 Guideline on Data Integrity (World Health Organisation, 2021).
36. FDA, Guidance for Industry Circumstances that Constitute Delaying, Denying, Limiting, or Refusing a Drug Inspection (Rockville, MD, 2014).
37. FDA, Guidance for Industry Circumstances that Constitute Delaying, Denying, Limiting, or Refusing a Drug or Device Inspection, Revision 1 (Rockville, MD, 2024).
38. EudraLex, Volume 4 Good Manufacturing Practice (GMP) Guidelines, Chapter 4 Documentation (European Commission, 2011).
39. EudraLex, Volume 4 Good Manufacturing Practice (GMP) Guidelines, Annex 11 Computerised Systems (European Commission, 2011).
40. Stakeholders’ Consultation on EudraLex Volume 4, Good Manufacturing Practice Guidelines: Chapter 4, Annex 11 and New Annex 22. European Medicines Agency, 2025. https://health.ec.europa.eu/consultations/stakeholders-consultation-eudralex-volume-4-good-manufacturing-practice-guidelines-chapter-4-annex_en (accessed 2025-08-13).
41. Ranbaxy Laboratories Ltd. & Ranbaxy Inc.: Consent Decree of Permanent Injunction; Case 1:12-cv-00250-JFM; 2012..
42. McDowall, R. D. How Able Are You? LCGC Eur. 2007, 20 (3), 144–149.
43. McDowall, R. D. Security and Access Control Requirements for Computerized Systems. LCGC Eur. 2007, 20 (11), 583–585.
44. McDowall, R. D. Fat Finger, Falsification or Fraud? LCGC Eur. 2012, 25 (4), 194–200.
45. McDowall, R. D. How Complete Are Your Chromatographic Data? Part 1. LCGC Eur.2013, 26 (6), 338–343.
46. McDowall, R. D. How Complete Are Your Chromatographic Data? Part 2. LCGC Eur.2013, 26 (7), 389–392.
47. McDowall, R. D. The Role of Chromatography Data Systems in Fraud and Falsification. LCGC Eur. 2014, 27 (9), 486–492.
48. McDowall, R. D. Are You Invalidating Out-of-Specification (OOS) Results into Compliance? LCGC Eur.2020, 37 (7), 411–419.
49. McDowall, R. D. What Are Orphan Data? LCGC Eur. 2022, 35 (9), 381–387. DOI: 10.56530/lcgc.eu.dk3677x5
50. Toscano, G. Data Integrity: A Closer Look; NSF International, 2018.
51. FDA Warning Letter Nippon Fine Chemical Company Ltd. (Silver Spring, MD, 2016).
52. FDA Warning Letter International Laboratories Corporation. (Silver Spring, MD, 2025).
53. FDA Warning Letter Mentha & Allied Products Private Ltd (Silver Spring, MD, 2025).

About the Author