What “Compliance” Actually Means
Every beauty and wellness product you buy has gone through some level of regulatory compliance — or it should have. But what does compliance actually mean, and how do you know if a brand is doing it right?
Brian Yam, a compliance consultant at Blue Ocean Regulatory, has spent his career helping brands navigate the complex regulatory landscape for cosmetics, supplements, and personal care products. In this conversation with Nour Abochama, he breaks down what compliance means in practice, what happens when products fail testing, and how consumers can identify brands that take compliance seriously.
“Compliance is about more than just following rules,” Brian explains. “It’s about building systems that ensure your product is safe and effective every single time — not just the first batch you submit for testing.”
The Regulatory Landscape: Cosmetics vs. Supplements
The compliance requirements for cosmetics and dietary supplements are governed by different regulatory frameworks:
Cosmetics (FDA, FD&C Act + MoCRA)
As discussed in our beauty safety episode, cosmetics don’t require pre-market approval. However, under MoCRA (2022), brands must now:
- Register their manufacturing facilities with the FDA
- List their products with the FDA
- Report serious adverse events to the FDA within 15 days
- Maintain safety substantiation records
- Follow Good Manufacturing Practices (GMPs) — to be established by FDA rulemaking
Safety substantiation is the key concept: brands must have a reasonable basis to believe their products are safe. This doesn’t require specific tests, but it does require that someone with appropriate expertise has evaluated the product’s safety.
Dietary Supplements (FDA, DSHEA + 21 CFR Part 111)
Dietary supplements are regulated under the Dietary Supplement Health and Education Act (DSHEA) of 1994 and must comply with 21 CFR Part 111 (Current Good Manufacturing Practices for dietary supplements).
Key requirements include:
- Manufacturing in GMP-certified facilities
- Identity, purity, strength, and composition testing of ingredients and finished products
- Maintaining batch records
- Reporting serious adverse events to the FDA within 15 days
- Labeling requirements (Supplement Facts panel, structure/function claims)
Unlike cosmetics, supplements have mandatory GMP requirements that are actively enforced by the FDA through facility inspections.
The Testing Process: What Responsible Brands Do
Brian walks through the testing process that responsible brands follow before bringing a product to market:
1. Ingredient Verification
Before formulating a product, responsible brands verify that their ingredients are:
- Identity-confirmed: The ingredient is what the supplier claims it is (using techniques like HPLC, mass spectrometry, or DNA testing for botanical ingredients)
- Purity-tested: Free from contaminants (heavy metals, pesticides, microbial contamination, adulterants)
- Potency-verified: Present at the concentration specified
“Ingredient fraud is more common than people realize,” Brian explains. “We’ve seen cases where suppliers substituted cheaper ingredients, diluted active compounds, or added undisclosed substances. Independent ingredient testing is essential.”
2. Formulation Safety Assessment
Once the formula is developed, a qualified safety assessor (typically a toxicologist or cosmetic chemist) evaluates:
- The safety of each ingredient at the concentration used
- Potential interactions between ingredients
- Potential for sensitization or irritation
- Stability of the formula
3. Stability Testing
Products are tested under accelerated aging conditions to ensure they remain safe and effective throughout their intended shelf life. This includes:
- Physical stability (appearance, viscosity, phase separation)
- Chemical stability (degradation of active ingredients)
- Microbial stability (effectiveness of preservative system)
4. Finished Product Testing
Before release, each batch should be tested for:
- Identity and potency of key ingredients
- Microbial contamination
- Heavy metals
- Any product-specific safety parameters
5. Third-Party Certification (Optional but Valuable)
Voluntary third-party certifications provide independent verification:
- USP Verified: Verifies identity, potency, and purity; tests for contaminants
- NSF Certified: Similar to USP, with additional facility audit
- Informed Sport/Informed Choice: Tests for banned substances in sports
- Non-GMO Project Verified: Verifies non-GMO status
- COSMOS Organic: Verifies organic and natural cosmetic standards
What Happens When a Product Fails Testing
This is where Brian’s expertise becomes particularly valuable. Product failures happen — and how a brand responds tells you a lot about their commitment to quality.
Common failure scenarios:
Microbial contamination: A product tests positive for bacteria, mold, or yeast above acceptable limits. Response: Quarantine the batch, investigate the root cause (contaminated ingredient? Manufacturing process failure? Packaging issue?), retest, and release only if the problem is resolved.
Heavy metal contamination: A product tests above acceptable limits for lead, arsenic, mercury, or cadmium. Response: Trace back to the contaminated ingredient, work with the supplier to address the issue or find an alternative supplier.
Potency failure: A supplement tests below the labeled potency for a key ingredient. Response: Investigate the root cause (ingredient quality? Formulation issue? Manufacturing process?), adjust the formula or process, retest.
Stability failure: A product degrades faster than expected during stability testing. Response: Reformulate (different preservative system, different packaging, different pH), retest.
“A brand that has never had a product fail testing is either not testing adequately or not being honest,” Brian says. “The important thing is having systems in place to catch failures before products reach consumers.”
How to Identify Compliance-Focused Brands
As a consumer, you can’t audit a brand’s manufacturing facility. But there are signals that indicate a brand takes compliance seriously:
1. Third-party certifications. USP, NSF, Informed Sport, COSMOS — these require independent audits and testing, not just self-declaration.
2. Certificate of Analysis (CoA) availability. Brands that test their products should be able to provide CoAs showing test results. Some brands make these publicly available; others will provide them on request.
3. Transparent ingredient sourcing. Brands that know where their ingredients come from and can speak to supplier quality are more likely to have robust supply chain controls.
4. Adverse event reporting. Brands that take compliance seriously have systems for receiving and responding to consumer complaints and adverse events.
5. GMP certification. For supplements, look for brands that manufacture in NSF GMP or USP GMP certified facilities.
Key Takeaways
- Cosmetics require safety substantiation but no pre-market approval; supplements require GMP compliance and batch testing
- Responsible brands verify ingredient identity, purity, and potency before formulation
- Stability testing ensures products remain safe throughout their shelf life
- Product failures are normal — what matters is having systems to catch them before consumer release
- Third-party certifications (USP, NSF, Informed Sport) provide meaningful independent verification
- Ask brands for Certificates of Analysis — brands that test their products should be able to provide them
This article is based on Episode 13 of Nourify & Beautify with Brian Yam of Blue Ocean Regulatory. Listen on Podbean.
