Cookie Disclaimer

This website uses 'cookies' to give you the best, most relevant experience. Using this website means you`re OK with this. You can change which cookies are set at any time - and find out more about them in our cookie policy. Cookie settings

TAG overview

Responsible entrepreneurship starts with compliance. We take steps to ensure that all our activities adhere to relevant laws, regulations and ethical standards around the world. This also helps us to protect our reputation as an employer and business partner.

Our approach to compliance

Compliance is one of our primary considerations worldwide. As an international company with operations also in low- and middle-income countries, we have stringent requirements for effective compliance management. Importantly, we seek to emphasize compliance by acting in line with our company values and believe that profitable business operations should go hand-in-hand with the highest ethical standards.

Impact of the Covid-19 pandemic on our compliance mechanisms

Due to travel restrictions and in order to keep our employees safe, we had to conduct audits from Darmstadt. Audits were either postponed or adapted so that they could be performed remotely from Darmstadt.

The number of virtual meetings held by our employees grew significantly due to the pandemic, increasing compliance complexity as regards data privacy and IFPMA, EFPIA as well as local pharmaceutical industry code requirements. We responded by providing appropriate guidance on how to comply with international and local regulations in the fast-changing virtual environment and we are adapting our requirements and procedures accordingly.

We contributed to the fight against the Covid-19 pandemic by donating protective equipment to healthcare organizations as well as other organizations around the world. We also defined global processes and requirements to ensure these kinds of donations are made in line with our compliance principles as well as international and local codes and regulations.

Risk assessment

Proper compliance risk management is crucial to identify undetected risks and keep our company protected. In 2019, we rolled out a new overarching cross-sector compliance risk management process. This “Compliance Risk Reporting & Self-Monitoring Process” comprises two components. Compliance Risk Reporting is the component in which compliance risks are evaluated. The risk evaluation is conducted by the Compliance Officer, who determines the monetary impact and the extent to which the risk is likely to occur, starting with the inherent risk, followed by the residual risk evaluation. The self-monitoring component allows us to monitor the effectiveness of our compliance program within a business. The respective of the legal entity or head of department is provided with specific risk-mitigating statements that must be confirmed on an agreement scale from “fully agree” to “fully disagree”.

After completing the first cycle in the previous year, in 2020, we focused on the key risks identified by running different analyses and dedicated follow-up activities for risk mitigation. Additionally, we also started to run sector-specific risk assessments to highlight specific business sector risks and take a targeted approach to risk reduction that help us to continuously adjust our compliance program.

Conflicts of interest

We take all potential conflicts of interest seriously. Employees must avoid situations where their professional judgment may come into conflict with their personal interests. They must also disclose every potential conflict of interest to their manager and document the disclosure. Such issues are typically resolved directly between the employee and manager but can also be routed to Human Resources or other relevant functions.

To further enhance the existing process, a new Policy and Procedure as well as a new tool for transparent documentation of potential conflicts of interest, including decisions and mitigations taken, was rolled out in 2020.

In addition, as described in the Annual Report under “Avoidance of conflicts of interest,” Executive Board and Supervisory Board members are exclusively committed to the interests of the company and neither pursue personal interests nor grant unjustified advantages to third parties.

Management and requirements of our business partners

To be effective, compliance management must not be restricted to the boundaries of our own company. While our supplier management processes focus on vendor compliance with our standards, our global Third Partner Risk Management process governs interactions with sales partners, such as agents, distributors, and dealers. We expect our business partners worldwide to adhere to our compliance principles. We collaborate only with partners who pledge to comply with relevant laws, reject all forms of bribery and adhere to environmental, health and safety guidelines.

We apply a risk-based approach to selecting business partners. The greater the estimated risk regarding a certain country, region or type of service, the more in-depth we examine the company before entering into a business relationship. We also explore background information from various databases and information reported by our business partners.

If we encounter compliance concerns, we further analyze and verify the existing adverse information. Based on the outcome, we decide whether to reject the potential business partner, impose conditions to mitigate identified risks or terminate the existing relationship.

Compliance forums

This year, Group Compliance reinforced compliance awareness and encouraged compliance discussions by establishing a dedicated platform for local Compliance forums or committees. This platform enables discussion of updates and alignment on certain matters in order to maintain a high standard of corporate compliance throughout the global organization. At the same time, they make it possible to remain agile when new business and compliance challenges arise. Group Compliance has developed them using a structured methodology framework to enhance consistency and complementation across the globe, which will further support our risk assurance. Each local forum contributes to our consistent compliance framework approach and has sufficient flexibility to cater to their local sector-specific needs.

Compliance training

We provide regular compliance classroom and online training courses on our Code of Conduct, anti-corruption, antitrust, data privacy, and healthcare compliance standards. We require employees to take these courses based on their exposure to risk. Some courses also apply to independent contractors and supervised workers, such as temporary staff.

In 2020, we rolled out two new mandatory e-learning training courses. The training courses are assigned to all relevant employees. We launched an updated version of our anti-corruption e-learning training course in 13 languages. In 2020, 28,805 employees completed the training course. We also rolled out a new money laundering prevention e-learning training course, which is available in eight languages. The final rollout took place in November 2020 and 12,829 employees completed the training in 2020.

In September 2020, we migrated to a Group-wide learning management platform to simplify learner accessibility.

We regularly update our training plan and adapt it to new developments to continuously educate our employees on existing and new compliance requirements, guidelines and projects.

Compliance monitoring and reporting activities

In 2020, we further enhanced our monitoring and reporting activities. Since we have different tools within Compliance, our efforts were targeted to create a single platform that displays all relevant information (KPIs and metrics for trend analysis) from the various tools. Therefore, we initiated a new governance and monitoring project that ensures a more efficient tracking of compliance-related KPIs and metrics.

Reporting potential compliance violations

We encourage all employees worldwide to report potential compliance violations to their supervisors, Legal, HR, or other relevant departments. Worldwide, they can also use our central whistleblowing SpeakUp Line free of charge and anonymously to report violations in their local language by telephone or via a web-based application. Reports of potential compliance violations that we receive via our SpeakUp Line are reviewed by the Compliance Investigations and Case Management team. Cases with a certain risk profile are presented to the Compliance Case Committee, which comprises senior representatives from Compliance, Corporate Security, Data Privacy, Human Resources, Internal Auditing, and Legal.

The committee’s duties include assessing and classifying ethical issues, investigating their background and addressing these issues using appropriate measures. Based on the investigation outcome and recommendations from the compliance investigation team or the Compliance Case Committee, appropriate disciplinary action may be taken against employees who have committed a compliance violation. If, during the investigation, a root cause is identified that could lead to further compliance violations, we take preventive and corrective actions.

The SpeakUp Line is also available to external stakeholders. The relevant information can be found in the Compliance and Ethics section of our website, where we consolidate key compliance information, such as our values, Code of Conduct (CoC) and information on transparency and data privacy for external audiences.

Both the number of reports of suspected compliance violations and the number of actual compliance cases were stable compared with the previous year. In 2020, we received 81 compliance-related reports via the SpeakUp Line and other channels that led to investigations. There were 41 confirmed cases of violations of the CoC or other internal and external rules.

Compliance audits

As part of operational audits, our Group Internal Auditing function regularly reviews relevant matters at our sites to determine the effectiveness of the respective compliance guidelines, processes and structures in place. The unit also checks for violations of our CoC and our Anti-Corruption Policy and reviews the workplace requirements set out in our Human Rights Charter.

Our audit planning aims to provide comprehensive risk assurance through the best possible audit coverage. Our annual audit planning process is risk-based and includes factors such as sales, employee headcount, systematic stakeholder feedback, and the Corruption Perceptions Index (CPI) published by the non-governmental organization Transparency International. If an internal audit produces recommendations, Group Internal Auditing performs a systematic follow-up and monitors the implementation of the prescribed corrective actions. In 2020, we assessed 52 operations for corruption-related risks.

Alliance for Integrity

We are a member of the Alliance for Integrity Steering Committee, which was established by the German Society for International Cooperation (GIZ), the German Global Compact Network (DGCN) and the Federation of German Industries (BDI). This initiative aims to achieve corruption-free business in low- and middle-income countries. Its activities focus on Latin America, Ghana, and Asian countries, particularly India and Indonesia. The Steering Committee leads the decision-making process for developing national measures, while local advisory groups oversee implementation at country level.

Our local compliance organizations also collaborate with these groups and offer training to small and medium-sized companies. Beyond these efforts, we continuously assist the Alliance for Integrity through business-to-business workshops and training courses and by sharing best practices on how to develop and implement effective corruption prevention systems.

Engaging stakeholders

In 2020, we conducted dialogues primarily through our memberships of various associations. We are members of various organizations, including the German Chemical Industry Association (VCI), the German Institute for Compliance (DICO), the European Federation of Pharmaceutical Industries and Associations (EFPIA), the German Association of Voluntary Self-Regulation for the Pharmaceutical Industry (FSA), the International Federation of Pharmaceutical Manufacturers and Associations (IFPMA), the Alliance for Integrity, the German Association for Supply Chain Management, Procurement and Logistics (BME), and the International Association of Privacy Professionals (IAPP).

Due diligence
A risk analysis exercised with particular care.
Stakeholder
People or organizations that have a legitimate interest in a company, entitling them to make justified demands. Stakeholders include people such as employees, business partners, neighbors in the vicinity of our sites, and shareholders.
Sunshine Act
The Sunshine Provisions of the U.S. Patient Protection and Affordable Care Act aim to create more transparent relationships between manufacturers of drugs, medical devices and medical aids on the one hand, and doctors and teaching hospitals on the other.
Managing director
At our company, this individual is ultimately responsible for ensuring that their subsidiary, including R&D and manufacturing centers, complies with all laws and regulations applicable to its business, including our Guidelines.
Stakeholder
People or organizations that have a legitimate interest in a company, entitling them to make justified demands. Stakeholders include people such as employees, business partners, neighbors in the vicinity of our sites, and shareholders.

Which of these describe you best?

1/2

Which topics in the report interest you in particular? (Multiple answers possible)

2/2