Ethics, Risk Management and Compliance – Paths to an Integrated Assurance Model

Klaus Moosmayer, Ph.D., Member of the Executive Committee and Chief Ethics, Risk and Compliance Officer of Novartis

BKMS® Experience Days | 15.09.2021

Ethics, Risk & Compliance

Post on 09-Jan-2022


Agenda

1 Novartis Overview
2 Our Function – ERC (Ethics, Risk and Compliance)
3 Compliance Management System
4 Human Rights
5 Risk & Resilience
6 Speak-Up Office
7 Our New Code of Ethics
8 Q&A

Klaus Moosmayer, Ph.D. | Novartis International AG | September 2021

Our Company: We are a focused medicines company

OUR COMPANY

OUR PURPOSE

WE REIMAGINE MEDICINE TO IMPROVE AND EXTEND PEOPLE'S LIVES

We use innovative science and technology to address some of society's most challenging healthcare issues.

We discover and develop breakthrough treatments and find new ways to deliver them to as many people as possible.

We also aim to reward those who invest their money, time and ideas in our company.

Our Function: Formed in April 2018

April 2018: New Ethics, Risk & Compliance (ERC) function formed
April 2019: Human Rights & Third Party Risk Management joined ERC
July 2019: New Risk & Resilience organization established
January 2020: Global ERC operating model announced
June 2020: Launch new Code of Ethics (effective Sept 1)

Klaus Moosmayer, Ph.D. | Novartis International AG | June 2021

Our Organization: A diverse team, cutting across all Business Units, Corporate Functions, & Risk Areas

Approx. 560 associates globally

ERC ASSOCIATES

DIVISIONS & BUSINESS UNITS

Pharma Oncology Sandoz

Patient Engagement

Technical Operations

Business Services

Research & Development

Digital

Corp. Affairs & Global Health

RISK AREAS

Finance

Information Security

Quality

People & Organization

Data Privacy

Health, Safety & Environment

CORPORATE FUNCTIONS

Our Strategy: We support Novartis to act ethically and to reliably achieve our objectives

ETHICS: We empower associates to do what’s right so that every day, our decisions benefit patients, society and Novartis

RISK: We establish effective risk management that identifies, analyses, and addresses risks that can affect our ability to operate

COMPLIANCE: We ensure Novartis acts in compliance with applicable regulations, laws, policies and guidelines

1 Build a sustainable foundation
2 Develop enterprise assurance standards
3 Manage our compliance risks

Our Program: Three bold objectives, covering nine key deliverables

ETHICS (1 Build a sustainable foundation)
1. Embed Ethics
2. Respect Human Rights
3. Encourage Speak Up

RISK (2 Develop enterprise assurance standards)
4. Enterprise Risk & Crisis Management
5. Enterprise Policy & Control Management
6. Third Party Risk Management

COMPLIANCE (3 Manage our compliance risks)
7. Compliance Management System
8. SpeakUp Program
9. Centralized Monitoring & Remediation

Compliance Management System: An integral part of our culture

ESTABLISH A CULTURE OF ETHICS & INTEGRITY

COMPLIANCE RISK MANAGEMENT
MISCONDUCT REPORTING & INVESTIGATIONS
ORGANIZATION & GOVERNANCE
COMPLIANCE TRAINING & COMMUNICATIONS
COMPLIANCE POLICY MANAGEMENT

CULTURE

» Supports the organization in achieving its cultural aspiration

» Is well designed, executed, and improved based on the changing environment and risk landscape

» It enables the prevention and detection of misconduct

» Embraces behavioral & data science

» Is continuously aligned with recognized international standards and good practices

Compliance Management System: Five distinct pillars enable us to prevent and detect systemic misconduct

MISCONDUCT REPORTING & INVESTIGATIONS
Maintain Reporting Channels
Intake & Triage Employee Reports
Conduct Internal Investigations

COMPLIANCE TRAINING & COMMUNICATIONS
Develop a Training Curriculum
Determine Training Methodology
Develop Communications Strategy
Deliver Communications

COMPLIANCE POLICY MANAGEMENT
Develop & Embed a Code of Ethics
Establish & Maintain Policy Governance
Maintain Policies, Process, & Controls
Embed Policy Processes within Systems & Tools

COMPLIANCE RISK MANAGEMENT (RISK ASSESSMENT; TESTING & MONITORING; MITIGATION & REMEDIATION)
Assess Compliance Risk
Track the Legal & Regulatory Environment
Monitor / Audit Third Parties
Monitor Compliance Risk Exposure
Test & Monitor Compliance Controls
Assess Third-Party Compliance Risk
Build Risk-Specific Mitigation Plans
Conduct Annual Compliance Risk Assessment

ORGANIZATION & GOVERNANCE
Adequate Budget
Sufficient Resources
Effective Tools
Clear Governance

Reporting & Analytics

Professional Practice Policy: Principle-based to support decision-making

Launched in March 2018

Principle-based Policy, to help navigate areas of uncertainty and to support ethical decision-making

7 supporting guidelines, outlining clear requirements to safeguard Novartis across key areas of risk

Strengthening the culture of compliance from ticking boxes to focusing on understanding the “purpose & intent” behind our interactions

Empowering associates to do what’s right by focusing on the visible and invisible drivers of decision-making

Laying the foundation for other global policies, many of which are now oriented around principles to support ethical decision-making

Human Rights: The five pillars of our strategy

Our ambition is to be a recognized leader in the healthcare sector in respecting and supporting the protection of human rights throughout our operations and supply chains. Our ambition will be realized through five strategic work-streams:

Ongoing Due Diligence: Augmenting existing due diligence processes by embedding human rights.

Human Rights Assessments: Investigating markets, products, and services for potential human rights risks & impacts

Capacity Building: Building capacity in Novartis about human rights and due diligence processes

Strategic Rights Promotion: Supporting protection of human rights in areas that align with our business

Stakeholder Engagement: Reporting and engaging with key internal functions & external stakeholders

Ethics, Risk & Compliance | External Presentation Deck | November 2020

Integrated Risk Management: Aligning our policies & controls to our enterprise risks

RISKS
Common methodology for Enterprise Risk Management at Novartis
Functions / business units responsible to identify business risks and mitigation plans
Risks that shall be covered are mentioned in Policies / Guidelines

POLICIES & GUIDELINES
Top-level Policies provide high-level principles
Guidelines and process narratives or flowcharts provide details for specific areas / groups
All Policies / Guidelines need to have Internal Controls

INTERNAL CONTROLS
Controls ensure that risks are mitigated to the extent reasonable
Controls are embedded in business processes

Creation of a harmonized control framework for Novartis’ functions and units

Clear accountabilities and responsibilities, creating transparency and simplification for risk and control owners

Improved governance and oversight of the control landscape across the whole organization

Harmonized methodology, enabling the business to manage risks more efficiently

Novartis Risk Compass: Clear mapping of enterprise risks, enabling focus and prioritization

Operational risks
Strategic risks
Emerging risks
Awareness risks

Our integrated enterprise risk management process
1. Assessment
2. Mitigation
3. Monitoring and review
4. Continuous control

Strategic risks reported and discussed at Executive & Board level

Centralized Monitoring & Remediation: Providing program assurance in collaboration with Countries

CENTRAL MONITORING TEAM
“We make sophisticated compliance fitness tests and based on several physiological parameters we help you to define the optimum compliance training plan”

CENTRAL REMEDIATION TEAM
“We coach you how to best implement your individual compliance training plan, that you can achieve your peak performance”

Third Party Risk Management Framework: The business owner is responsible for managing the third party relationship and the risk

MANAGEMENT OF THE THIRD PARTY SITS WITH THE BUSINESS

» TPRM covers the following core risk areas: anti-bribery; animal welfare; HSE; labor rights; information security; data privacy; and good manufacturing practices.

» In 2020, we added financial due diligence and trade sanctions.

» We expanded our risk management practices to include wholesalers and distributors, who are important Novartis customers.

THIRD PARTY RISK MANAGEMENT
THIRD PARTY POLICY MANAGEMENT
TRAINING & DEVELOPMENT
THIRD PARTY OVERSIGHT
ORGANIZATION & GOVERNANCE
BUSINESS OWNER

Third Party Risk Management Framework: Maintaining our standards when engaging third parties

Our process

The risk areas covered

Anti-Bribery

Health, Safety & Environment

Quality (GMP)

Labor Rights

Information Security (3Pas)

Data Privacy

Animal Welfare

Financial Due Diligence*

Trade Sanctions*

*New risk areas by Oct 2020

1.3k+ supplier assessments per month

Human Rights topics embedded across all risk assessment items and risk experts trained on applications

Third Party Risk Management: Our principles guide our process and maintain our standards

Our principles

Our principles guide our process and help ensure we make the right decisions when engaging third parties.

This enables us to continue building trust with society, protecting our patients, our business, and human rights to positively impact communities.

We maintain our ethical standards, putting values before financial performance and holding ourselves and others accountable for it.

SpeakUp Office

What we do and why?

Global function for all associates or externals to report potential misconduct

Assessment of complaints and assignment for further investigation

Whistleblower protection

Formal reporting requirements (SOX)

Reputation protection in a highly regulated market

Business Use Only

SpeakUp Process: What happens when you speak up

Report: Report concern using one of the Speak Up platforms*
Review: Concern will be reviewed to decide next steps
Investigate: Local or global function will investigate
Decision: Business decides on appropriate action
Update: You will be updated in the case
Action: If required, actions will be put into practice
Close: Speak Up case closed

*Webform/hotline accessible at go/Speak Up or via local channels (your manager, ERC, P&O, Legal functions and senior management)

Misconduct Categories

Antitrust, fair competition

Books & records, accounting irregularities

Bribery & Kickbacks

Company Confidential/Trade Secret Information

Conflict of Interest

Data Privacy

Discrimination & Sexual harassment

Expense fraud

Fraud / asset misappropriation

Improper Professional Practices

IT Security Breach

Quality Assurance / Data Integrity

Retaliation

Other Employee Relations Issues (e.g. inappropriate behavior, etc.)

Other (e.g. scientific misconduct, social media guideline violation, etc.)

Ethics matters because it builds trust: Building trust with society is key to deliver our purpose of reimagining medicine

Trust = Competence + Ethics

Ethical drivers 3x more important to company trust than competence*

Driving ethical behavior and a culture of integrity in your role as an ERC Professional enables us to earn and maintain the trust of our patients, shareholders and healthcare partners.

Source: Edelman Trust Barometer 2020

We are building trust... by embedding ethical behavior across Novartis

Our Approach

Design Anchors

Execution Principle

Co-creation: To ensure what we do is relevant, meaningful, and works for all associates

Behavioral Science: To embrace the reality of what drives our ethical behaviors

Alignment: Fully aligned with the Novartis values and culture

Key Elements

• A principle-based Code of Ethics

• A list of clear commitments on topics that matter

• Practical decision explorer and resources for all associates

• Reshaping our environment to support associates to do what’s right

We are addressing the visible and invisible drivers of ethics

Thinking about ethics

Changing behaviors through changing the mind

By developing the code and tools to support ethical decision making

Being ethical

Changing behaviors through changing the context, ethical climate and culture

And shaping our environment by removing blockers and supporting associates to do what’s right

The code itself is... key to signaling our commitment to ethics at Novartis

▪ The code was rolled out on June 2, 2020 and became effective on Sept 1, 2020.
▪ The Code of Ethics replaced the Code of Conduct.

It consists of two key elements:

1. Our ethical principles define what ‘doing what’s right’ means in the context of Novartis.
2. Clear statements on our commitment to doing what’s right across key areas.

Our Ethical Principles

Ask yourself

BE BOLD | BE ACCOUNTABLE | BE OPEN-MINDED | BE HONEST

Am I actively listening to ideas or concerns?

Am I questioning the impact of my decisions?

Am I valuing the perspective of others?

Am I acting with clear intent?

Am I avoiding harm?

Am I speaking up?

Am I standing up for what I believe?

Am I putting patients first?

Am I making a positive difference?

Am I taking responsibility for my decisions?

Am I treating others as I would like to be treated?

Am I putting the team before myself?

Ethical principles: Our ethical principles are designed to guide our decision making

Our commitments clearly outline... what we expect from each other and why it’s important to us

Fair employment practices

Our Commitment

To create a safe place to work, where all of our associates have an equal opportunity to succeed.

We will not tolerate discrimination, harassment, retaliation, bullying or incivility. We value the contributions of all of our associates and encourage them to express themselves and their opinions freely in a professional way.

Why it matters

Fair employment practices benefit all our associates, as well as society, and provide the integral foundation to support our commitment to human rights.

10 Biases to be aware of

Ethical Leadership: Becoming an Ethical Leader

“The Decision Explorer has helped me to identify potential biases at play in our ethical decision making and a disconnect with our ethical principles... But I don’t feel comfortable to discuss this with my team”.

The Ethics Conversation Toolkit... is designed to help managers create the environment for teams to discuss their ethical challenges

Psychological safety
Ethics & me
Ethics & my team

Leadership
Vulnerability
Innovation
Collaboration

How to build a safe space for your team to be themselves, make mistakes, share concerns and learn from all of it.

What being vulnerable truly means and how it can aid collaboration and innovation

How ethics can act as a source of innovation and give your team an edge

How to get your team talking about ethics and the ethical challenges they face

Q&A

Thank you