Ethics, Risk Management and Compliance: Paths to an Integrated Assurance Model
Klaus Moosmayer, Ph.D., Member of the Executive Committee and Chief Ethics, Risk and Compliance Officer of Novartis
BKMS® Experience Days | 15.09.2021
Ethics, Risk & Compliance
Agenda
Klaus Moosmayer, Ph.D. | Novartis International AG | September 2021
1 Novartis Overview
2 Our Function – ERC (Ethics, Risk and Compliance)
3 Compliance Management System
4 Human Rights
5 Risk & Resilience
6 Speak-Up Office
7 Our New Code of Ethics
8 Q&A
Our Company: We are a focused medicines company
OUR COMPANY OUR PURPOSE
WE REIMAGINE MEDICINE TO IMPROVE AND EXTEND PEOPLE'S LIVES
We use innovative science and technology to address some of society's most challenging healthcare issues.
We discover and develop breakthrough treatments and find new ways to deliver them to as many people as possible.
We also aim to reward those who invest their money, time and ideas in our company.
Our Function: Formed in April 2018
» April 2018: New Ethics, Risk & Compliance (ERC) function formed
» April 2019: Human Rights & Third Party Risk Management joined ERC
» July 2019: New Risk & Resilience organization established
» January 2020: Global ERC operating model announced
» June 2020: Launch new Code of Ethics (effective Sept 1)
Our Organization: A diverse team, cutting across all Business Units, Corporate Functions, & Risk Areas
Approx. 560 associates globally
ERC ASSOCIATES
DIVISIONS & BUSINESS UNITS
Pharma Oncology Sandoz
Patient Engagement
Technical Operations
Business Services
Research & Development
Digital
Corp. Affairs & Global Health
RISK AREAS
Finance
Information Security
Quality
People & Organization
Data Privacy
Health, Safety & Environment
CORPORATE FUNCTIONS
Our Strategy: We support Novartis to act ethically and to reliably achieve our objectives
ETHICS: We empower associates to do what’s right so that every day, our decisions benefit patients, society and Novartis
RISK: We establish effective risk management that identifies, analyses, and addresses risks that can affect our ability to operate
COMPLIANCE: We ensure Novartis acts in compliance with applicable regulations, laws, policies and guidelines
1 Build a sustainable foundation
2 Develop enterprise assurance standards
3 Manage our compliance risks
Our Program: Three bold objectives, covering nine key deliverables
1 ETHICS: Build a sustainable foundation
» 1. Embed Ethics
» 2. Respect Human Rights
» 3. Encourage Speak Up
2 RISK: Develop enterprise assurance standards
» 4. Enterprise Risk & Crisis Management
» 5. Enterprise Policy & Control Management
» 6. Third Party Risk Management
3 COMPLIANCE: Manage our compliance risks
» 7. Compliance Management System
» 8. SpeakUp Program
» 9. Centralized Monitoring & Remediation
Compliance Management System: An integral part of our culture
ESTABLISH A CULTURE OF ETHICS & INTEGRITY
COMPLIANCE RISK MANAGEMENT
MISCONDUCT REPORTING & INVESTIGATIONS
ORGANIZATION & GOVERNANCE
COMPLIANCE TRAINING & COMMUNICATIONS
COMPLIANCE POLICY MANAGEMENT
CULTURE
» Supports the organization in achieving its cultural aspiration
» Is well designed, executed, and improved based on the changing environment and risk landscape
» Enables the prevention and detection of misconduct
» Embraces behavioral & data science
» Is continuously aligned with recognized international standards and good practices
Compliance Management System: Five distinct pillars enable us to prevent and detect systemic misconduct
MISCONDUCT REPORTING & INVESTIGATIONS
» Maintain Reporting Channels
» Intake & Triage Employee Reports
» Conduct Internal Investigations
COMPLIANCE TRAINING & COMMUNICATIONS
» Develop a Training Curriculum
» Determine Training Methodology
» Develop Communications Strategy
» Deliver Communications
COMPLIANCE POLICY MANAGEMENT
» Develop & Embed a Code of Ethics
» Establish & Maintain Policy Governance
» Maintain Policies, Process, & Controls
» Embed Policy Processes within Systems & Tools
COMPLIANCE RISK MANAGEMENT (RISK ASSESSMENT; TESTING & MONITORING; MITIGATION & REMEDIATION)
» Assess Compliance Risk
» Track the Legal & Regulatory Environment
» Monitor / Audit Third Parties
» Monitor Compliance Risk Exposure
» Test & Monitor Compliance Controls
» Assess Third-Party Compliance Risk
» Build Risk-Specific Mitigation Plans
» Conduct Annual Compliance Risk Assessment
ORGANIZATION & GOVERNANCE
» Adequate Budget
» Sufficient Resources
» Effective Tools
» Clear Governance
Reporting & Analytics
Professional Practice Policy: Principle-based to support decision-making
» Principle-based Policy, to help navigate areas of uncertainty and to support ethical decision-making
» 7 supporting guidelines, outlining clear requirements to safeguard Novartis across key areas of risk
» Strengthening the culture of compliance from ticking boxes to focusing on understanding the “purpose & intent” behind our interactions
» Empowering associates to do what’s right by focusing on the visible and invisible drivers of decision-making
» Laying the foundation for other global policies, many of which are now oriented around principles to support ethical decision-making
Launched in March 2018
Human Rights: The five pillars of our strategy
Our ambition is to be a recognized leader in the healthcare sector in respecting and supporting the protection of human rights throughout our operations and supply chains. Our ambition will be realized through five strategic work-streams:
» Ongoing Due Diligence: Augmenting existing due diligence processes by embedding human rights.
» Human Rights Assessments: Investigating markets, products, and services for potential human rights risks & impacts
» Capacity Building: Building capacity in Novartis about human rights and due diligence processes
» Strategic Rights Promotion: Supporting protection of human rights in areas that align with our business
» Stakeholder Engagement: Reporting and engaging with key internal functions & external stakeholders
Ethics, Risk & Compliance | External Presentation Deck | November 2020
Integrated Risk Management: Aligning our policies & controls to our enterprise risks
RISKS
» Common methodology for Enterprise Risk Management at Novartis
» Functions / business units responsible to identify business risks and mitigation plans
» Risks that shall be covered are mentioned in Policies / Guidelines
POLICIES & GUIDELINES
» Top-level Policies provide high-level principles
» Guidelines and process narratives or flowcharts provide details for specific areas / groups
» All Policies / Guidelines need to have Internal Controls
INTERNAL CONTROLS
» Controls ensure that risks are mitigated to the extent reasonable
» Controls are embedded in business processes
» Creation of a harmonized control framework for Novartis’ functions and units
Clear accountabilities and responsibilities, creating transparency and simplification for risk and control owners
Improved governance and oversight of the control landscape across the whole organization
Harmonized methodology, enabling the business to manage risks more efficiently
Novartis Risk Compass: Clear mapping of enterprise risks, enabling focus and prioritization
Operational risks
Strategic risks
Emerging risks
Awareness risks
Our integrated enterprise risk management process
1. Assessment
2. Mitigation
3. Monitoring and review
4. Continuous control
Strategic risks reported and discussed at Executive & Board level
Centralized Monitoring & Remediation: Providing program assurance in collaboration with Countries
CENTRAL MONITORING TEAM
“We make sophisticated compliance fitness tests and based on several physiological parameters we help you to define the optimum compliance training plan”
CENTRAL REMEDIATION TEAM
“We coach you how to best implement your individual compliance training plan, that you can achieve your peak performance”
Third Party Risk Management Framework: The business owner is responsible for managing the third party relationship and the risk
MANAGEMENT OF THE THIRD PARTY SITS WITH THE BUSINESS
» TPRM covers the following core risk areas: anti-bribery; animal welfare; HSE; labor rights; information security; data privacy; and good manufacturing practices.
» In 2020, we added financial due diligence and trade sanctions.
» We expanded our risk management practices to include wholesalers and distributors, who are important Novartis customers.
THIRD PARTY RISK MANAGEMENT
THIRD PARTY POLICY MANAGEMENT
TRAINING & DEVELOPMENT
THIRD PARTY OVERSIGHT
ORGANIZATION & GOVERNANCE
BUSINESS OWNER
Third Party Risk Management Framework: Maintaining our standards when engaging third parties
Our process
The risk areas covered
Anti-Bribery
Health, Safety & Environment
Quality (GMP)
Labor Rights
Information Security (3Pas)
Data Privacy
Animal Welfare
Financial Due Diligence*
Trade Sanctions*
*New risk areas by Oct 2020
1.3k+ supplier assessments per month
Human Rights topics embedded across all risk assessment items and risk experts trained on applications
Third Party Risk Management: Our principles guide our process and maintain our standards
Our principles
Our principles guide our process and help ensure we make the right decisions when engaging third parties.
This enables us to continue building trust with society, protecting our patients, our business, and human rights to positively impact communities.
We maintain our ethical standards, putting values before financial performance and holding ourselves and others accountable for it.
SpeakUp Office
Business Use Only
What we do and why?
» Global function for all associates or externals to report potential misconduct
» Assessment of complaints and assignment for further investigation
» Whistleblower protection
» Formal reporting requirements (SOX)
» Reputation protection in a highly regulated market
SpeakUp Process
What happens when you speak up
» Report: Report concern using one of the Speak Up platforms*
» Review: Concern will be reviewed to decide next steps
» Investigate: Local or global function will investigate
» Decision: Business decides on appropriate action
» Update: You will be updated in the case
» Action: If required, actions will be put into practice
» Close: Speak Up case closed
*Webform/hotline accessible at go/Speak Up or via local channels (your manager, ERC, P&O, Legal functions and senior management)
Misconduct Categories
Antitrust, fair competition
Books & records, accounting irregularities
Bribery & Kickbacks
Company Confidential/Trade Secret Information
Conflict of Interest
Data Privacy
Discrimination & Sexual harassment
Expense fraud
Fraud / asset misappropriation
Improper Professional Practices
IT Security Breach
Quality Assurance / Data Integrity
Retaliation
Other Employee Relations Issues (e.g. inappropriate behavior, etc.)
Other (e.g. scientific misconduct, social media guideline violation, etc.)
Ethics matters because it builds trust: Building trust with society is key to deliver our purpose of reimagining medicine
Trust = Competence + Ethics
Ethical drivers 3x more important to company trust than competence*
Driving ethical behavior and a culture of integrity in your role as an ERC Professional enables us to earn and maintain the trust of our patients, shareholders and healthcare partners.
*Source: Edelman Trust Barometer 2020
We are building trust... by embedding ethical behavior across Novartis
Our Approach
Design Anchors
Execution Principle
» Co-creation: To ensure what we do is relevant, meaningful, and works for all associates
» Behavioral Science: To embrace the reality of what drives our ethical behaviors
» Alignment: Fully aligned with the Novartis values and culture
Key Elements
• A principle-based Code of Ethics
• A list of clear commitments on topics that matter
• Practical decision explorer and resources for all associates
• Reshaping our environment to support associates to do what’s right
We are addressing the visible and invisible drivers of ethics
Thinking about ethics
Changing behaviors through changing the mind
By developing the code and tools to support ethical decision making
Being ethical
Changing behaviors through changing the context, ethical climate and culture
And shaping our environment by removing blockers and supporting associates to do what’s right
The code itself is... key to signaling our commitment to ethics at Novartis
▪ The code was rolled out on June 2, 2020 and became effective on Sept 1, 2020.
▪ The Code of Ethics replaced the Code of Conduct.
It consists of two key elements:
1 Our ethical principles define what ‘doing what’s right’ means in the context of Novartis.
2 Clear statements on our commitment to doing what’s right across key areas.
Ethical principles: Our ethical principles are designed to guide our decision making
Our Ethical Principles
BE BOLD | BE ACCOUNTABLE | BE OPEN-MINDED | BE HONEST
Ask yourself
Am I actively listening to ideas or concerns?
Am I questioning the impact of my decisions?
Am I valuing the perspective of others?
Am I acting with clear intent?
Am I avoiding harm?
Am I speaking up?
Am I standing up for what I believe?
Am I putting patients first?
Am I making a positive difference?
Am I taking responsibility for my decisions?
Am I treating others as I would like to be treated?
Am I putting the team before myself?
Our commitments clearly outline... what we expect from each other and why it’s important to us
Fair employment practices
Our Commitment
To create a safe place to work, where all of our associates have an equal opportunity to succeed.
We will not tolerate discrimination, harassment, retaliation, bullying or incivility. We value the contributions of all of our associates and encourage them to express themselves and their opinions freely in a professional way.
Why it matters
Fair employment practices benefit all our associates, as well as society, and provide the integral foundation to support our commitment to human rights.
Ethical Leadership: Becoming an Ethical Leader
“The Decision Explorer has helped me to identify potential biases at play in our ethical decision making and a disconnect with our ethical principles... But I don’t feel comfortable to discuss this with my team”.
The Ethics Conversation Toolkit... is designed to help managers create the environment for teams to discuss their ethical challenges
Psychological safety
Ethics & me
Ethics & my team
Leadership
Vulnerability
Innovation
Collaboration
» How to build a safe space for your team to be themselves, make mistakes, share concerns and learn from all of it.
» What being vulnerable truly means and how it can aid collaboration and innovation
» How ethics can act as a source of innovation and give your team an edge
» How to get your team talking about ethics and the ethical challenges they face