Ethics, risk and compliance
To meet the expectations society has of our industry, we strive to maintain high ethical standards, manage risk effectively and ensure we comply with applicable laws and regulations. In addition, we work to uphold human rights and reduce social and environmental risk throughout our value chain. To support our approach, we encourage employees to take personal accountability for their decisions.

Our Code of Ethics
The healthcare industry deals with ethical questions every day – for example on affordability and access to medicines, or how to protect patients’ sensitive personal data. Many of these issues go to the heart of our strategy as a focused medicines company.
Our approach to managing ethical decisions is based on our Code of Ethics, which applies to all Novartis employees. This Code sets out commitments in 23 areas that are applicable across our business, codifying who we are, what we stand for and the principles to which we hold ourselves accountable. We conduct an annual global ethics survey to measure our progress in embedding our Code across our organization (see "Maintaining high ethical standards").
Managing risk
Our strategy as a focused medicines company creates both opportunities and risks for our business. Many of these risks relate to our business environment, such as the uncertainty inherent in research and development or increasing societal expectations of our industry. Effectively managing these risks is critical to achieving our strategic goals and creating value for our stakeholders and society.
Our Enterprise Risk Management (ERM) framework is designed to generate a holistic view of risks for the company and drive a culture of smart risk-taking. It ensures that effective risk management is integrated into our significant activities and helps us better understand our risk exposure by providing increased transparency for leaders on how our key threats and opportunities are evolving throughout the year.
Our annual ERM process results in the Novartis Risk Compass, which helps our Board of Directors and senior management focus on key risks and align strategy with risk exposure.
Risks are grouped into three categories: strategic, operational and emerging. Risks are rated on a four-point scale – very high, high, medium, low – based on their likelihood and potential impact, using the ‘most-probable worst-case’ scenario for each risk as a reference point. Once key risks are identified, mitigation plans are created.
In addition to the three categories described above, we identify separate “awareness topics” that we believe may become new risks over time. Awareness topics are not rated. We regularly monitor risks and revise our assessments, if necessary.
Novartis Risk Compass
Risk governance
The effectiveness of risk management depends on its integration into the governance of the organization, including strategy-setting and decision-making. This requires involvement and support from management and governance bodies at different levels of the company:
- The Risk Committee of the Board of Directors oversees the risk management system and processes within Novartis. Together with senior management, this body revises the prioritization of risks, the risk portfolio and actions implemented by management, and performs ad hoc reviews of key risk areas.
- The ECN regularly assesses risks and fosters a culture of risk awareness, in line with the Novartis Values and Behaviors and the Novartis Code of Ethics. The overall ERM process is the responsibility of the Chief Ethics, Risk & Compliance Officer. The CEO reviews and validates the annual Novartis risk portfolio, while members of the ECN are appointed as risk owners for relevant strategic risks.
- These bodies are supported by the Risk & Resilience organization, which is part of the Ethics, Risk & Compliance (ERC) function and manages the ERM process, as well as risk leaders from key markets and functions.
Risks in 2022
Our risk portfolio in 2022 comprises 16 risks. Of these, six are categorized as strategic, seven as operational and the remaining three as emerging. In addition, we have identified two awareness topics.
While the majority of risks remain the same as in 2021, changes in our external environment over the past year – such as the war in Ukraine and an increasingly negative global macroeconomic outlook – have exacerbated some risks and given rise to new ones. In addition, the decisions to spin off our Sandoz Division and transform our organizational structure have influenced our risk portfolio due to the significant nature of these changes.
Novartis 2022 risk portfolio
The table below sets out our full risk portfolio for 2022. See the table further below for more details on our six strategic risks.
| Category | Risk | Description |
|---|---|---|
| Strategic Risks | Key products and commercial priorities | Failure to deliver key commercial priorities and successfully launch new products |
| Strategic Risks | Research and development | Failure to successfully prioritize, integrate and execute our research and development programs for new products or new indications for existing products, given our focus on innovative medicines |
| Strategic Risks | Pricing, reimbursement and access | Pricing and reimbursement pressure, including pricing transparency and access to healthcare |
| Strategic Risks | Alliances, acquisitions and divestments | Failure to identify, execute, and/or realize the expected benefits from our external business opportunities |
| Strategic Risks | Strategic transformations | Failure to meet organizational transformation program objectives and/or unintended adverse impacts on our business |
| Strategic Risks | Environmental, social and governance matters | Failure to meet environmental, social and governance expectations |
| Operational Risks | Cybersecurity and IT systems | Cybersecurity breaches, data loss, and catastrophic loss of IT systems |
| Operational Risks | Fragmented IT landscape and strategic technology programs implementation | Failure to address fragmented business processes, unclear data ownership, and IT applications and infrastructure nearing their end-of-life may disrupt our core business processes |
| Operational Risks | Talent management | Inability to attract, retain and motivate qualified individuals in key roles and markets |
| Operational Risks | Third-party management | Failure to maintain adequate governance and oversight over third-party relationships, and failure of third parties to meet their contractual, regulatory or other obligations |
| Operational Risks | Legal, ethics and compliance | Challenges posed by evolving legal and regulatory requirements and societal expectations regarding ethical behavior |
| Operational Risks | Manufacturing and product quality | Inability to ensure proper controls in product development and product manufacturing, and failure to comply with applicable regulations and standards |
| Operational Risks | Supply chain | Inability to maintain continuity of product supply |
| Emerging Risks | Geopolitical developments | Impact of geo- and socio-political threats |
| Emerging Risks | Macroeconomic developments | Impact of macroeconomic developments |
| Emerging Risks | Climate change | Impact of climate change and increased risk of major natural disasters |
| Awareness Topics | Antimicrobial resistance and pandemics | Rise of antimicrobial resistance could potentially create future pandemics and impact the performance of certain Novartis products (e.g., oncology) |
| Awareness Topics | Falsified medicines | Impact of falsified medicines on patient safety, and reputational and financial harm to Novartis and our products |
Strategic risks in focus
The table below provides an overview of our six strategic risks. Further information on our risk portfolio can also be found in the Novartis Annual Report.
| Risk | Context | Actions |
|---|---|---|
| Deliver high-value medicines | | |
| Key products and commercial priorities | Our ability to grow our business depends on the commercial success of key products. Their success could be impacted by a number of factors, including pressure from new or existing competitive products; changes in the prescribing habits of healthcare professionals; unexpected side effects or safety signals; supply chain issues or other product shortages; pricing pressures; regulatory proceedings; changes in labeling; loss of intellectual property protection; and global pandemics. | |
| Research and development | We engage in costly, lengthy and uncertain R&D activities, both independently and in collaboration with third parties, to identify and develop new products and new indications for existing products. Failure can occur at any point, including after substantial investment. New products must undergo intensive preclinical and clinical testing. Further, regulatory authorities continue to establish new and increasingly rigorous requirements for approval and reimbursement. The post-approval regulatory burden has also increased. | |
| Embed operational excellence | | |
| Alliances, acquisitions and divestments | As part of our strategy, we acquire and divest products or entire businesses, and enter into strategic alliances and collaborations. This strategy depends in part on our ability to identify strategic opportunities, value them appropriately and competitively and close transactions with third parties. Efforts to develop and market acquired products, to integrate acquired businesses or to achieve expected synergies may fail or may not fully meet expectations. Also, our strategic alliances and collaborations with third parties may not achieve their intended goals and objectives. | |
| Strategic transformations | In 2022, we announced a new organizational structure and operating model designed to support our innovation, growth, and productivity ambitions as a focused medicines company (Transforming for Growth). We also announced our intention to separate our Sandoz Division into a new publicly traded standalone company, by way of a 100% spin-off in order to maximize shareholder value. The significant nature of these organizational changes, and the additional workload and complexity for our employees in some areas, could potentially result in instability within the organization that may lead to failure to achieve the desired benefits. | |
| Strengthen our foundations | | |
| Pricing, reimbursement and access | We experience increasing pressure on our ability to obtain and maintain satisfactory rates of reimbursement from governments, insurers and other payers. These pressures have many sources, including rising healthcare costs (exacerbated by the COVID-19 pandemic); funding restrictions and policy changes; and public controversies, debate, investigations and legal proceedings around pharmaceutical pricing. Such pressures may impact product pricing and market access. We also face price controls and other measures imposed by governments and other payers. In addition, our Sandoz Division faces continued price erosion in the generics and biosimilars segment. | |
| Environmental, social and governance matters | An inability to successfully perform on ESG matters may have negative effects on our recruitment and retention of employees, as well as on our operations, financial results, reputation, and/or share price. Examples include failing to meet our access-to-medicines commitments or ensuring that third parties in our value chain comply with ESG requirements. We may also fail to meet evolving ESG due diligence and reporting regulations. | |
Third-party risk assessments
We established a third-party risk management (TPRM) framework in 2019 to help identify and manage risks when interacting with third parties. In 2022, we extended our TPRM program to perform risk assessments on wholesalers and distributors in addition to vendors and suppliers.
Our TPRM framework is supported by our Third Party Code, which we recently updated to specify human rights due diligence and environmental sustainability expectations from third parties. We have also introduced guides to help procurement teams buy more of our supplies from certified sources.
Novartis is a member of the Pharmaceutical Supply Chain Initiative (PSCI). Our Third Party Code is consistent with the PSCI’s principles for responsible supply chain management.
Complying with laws, regulations and controls
We operate in a highly regulated industry. Making sure we comply with laws and regulations is important to secure the trust of both regulators and the wider public.
We have a comprehensive compliance management system, developed in line with external standards (e.g., those issued by the OECD), which helps us to prevent, detect and correct systemic misconduct. The aim of this system is to ensure compliance not only with laws and regulations, but also with our own internal policies and controls. In 2022, we conducted a review of our Compliance Evaluation Program, supported by an external non-profit organization focused on governance and anti-corruption.
We work to detect and prevent misconduct. Where evidence of misconduct is found, we take swift and appropriate action. Our programs are supported by our SpeakUp Office, which allows employees and external parties to raise concerns about potential misconduct in confidence (see "Maintaining high ethical standards").
Anti-bribery policies and practices
Novartis does not tolerate any form of bribery and/or corruption. Our Anti-Bribery Policy, Professional Practices Policy and Conflict of Interest Policy outline our expectations for all employees. We also clearly set out our standards in our Code of Ethics. Bribery risks in our supply chain are addressed by our Third Party Code and Anti-Bribery Third Party Guideline. The Third Party Code is an integral part of every supplier contract.
Working with Norges Bank Investment Management (NBIM), we helped develop a reporting standard on anti-bribery for the pharmaceuticals industry. The resulting expectation document issued by NBIM, which is based on principles such as the United Nations (UN) Global Compact and the OECD Guidelines for Multinational Enterprises, formed the basis of our first dedicated anti-bribery report published in early 2022. We plan to report on a regular basis.
Internal Audit
Internal Audit assists the Board of Directors and the ECN by providing independent assurance and advice on the effectiveness, efficiency and adequacy of processes and controls that support Novartis in achieving its strategy, managing major risks, and ensuring compliance with applicable policies, laws and regulations. To ensure its independence, our Internal Audit sits outside the ERC function; it works according to an audit plan approved by the Board’s Audit and Compliance Committee. During 2022, Internal Audit carried out 63 audits, reviews and advisories relating to both our own operations and our suppliers. These audits include the review of ethical standards.
Product quality and patient safety
We have extensive policies, systems and controls in place to protect patient safety. These relate primarily to two areas: product quality and pharmacovigilance.
To ensure product quality, we maintain a robust quality management system for our medicines in full compliance with requirements from health authorities and other regulators. We have manufacturing licenses and relevant ISO and Good Manufacturing Practice (GMP) certificates for all our manufacturing, medical devices, supply and distribution operations, issued after inspections by regulators such as the US Food and Drug Administration (FDA), the European Medicines Agency (EMA), the Japanese Pharmaceuticals and Medical Devices Agency (PMDA), the World Health Organization (WHO) and Swissmedic.
We conduct thorough investigations whenever there is any evidence of deviation from these standards, or if we detect failures in our manufacturing processes. We conduct comprehensive quality and safety training for employees and third parties. We require all employees involved in manufacturing, supply and distribution to attend at least two annual training sessions on quality standards. All third parties providing services or goods manufactured to good practice standards are required to have their own quality assurance and formal training process. Furthermore, we are regularly audited on our training procedures, and training is also included in our audits for third parties.
Following regulatory guidance (including FDA and EMA recommendations), we monitor chemical and biological medicines for impurities, including those classified as “probable human carcinogens” (e.g., nitrosamines). Any product identified with a potential risk undergoes further evaluation and risk management, with results submitted to the relevant health authorities as required.
Pharmacovigilance involves monitoring the safety of our drugs both during development and in the commercial setting. This enables us to detect any adverse effects that may emerge at any stage of the drug’s lifecycle. In accordance with international regulations, we share periodic safety reports with the relevant health authorities and maintain current benefit-risk analyses for our medicines.
We also support education programs for patients, providers and pharmacists, and provide regular training to employees in adverse event reporting. For some medicines, post-approval studies may be conducted to collect more data on possible long-term or adverse effects.
Health, safety & environment (HSE)
We work to maintain a safe and healthy environment at all our facilities. To achieve this, we have an integrated HSE management system. Every year, we carry out a comprehensive assessment to ensure compliance with all relevant laws, regulations and internal standards. We also have extensive health and safety programs that cover a broad spectrum of work-related hazards.
To monitor progress, we set annual HSE targets, investigate all safety incidents, including “near-misses”, and encourage employees to report all incidents. Novartis sites are subject to inspection by health, safety and environmental regulators. In addition, we require sites to carry out regular self-assessments; a dedicated team conducts more focused audits on a 3- to 5-year cycle.
We are also committed to protecting contractors’ safety: we assess outside contractors and make sure they have the right resources and procedures in place to work at our sites. Supplier contracts include specific occupational health and safety criteria.
Cybersecurity
As reflected in our Code of Ethics, we are committed to the responsible use of information in our business processes, including personal information, and we adhere to appropriate standards to achieve this purpose. We have robust governance, processes and policies in place to ensure the security of our data and IT systems. All Novartis employees participate in annual mandatory training in information management.
To prevent IT system interruptions, Novartis has risk-based service continuity and systems recovery plans in place, which are tested periodically. We also conduct ongoing internal vulnerability analyses (including simulated hacking) as well as external testing via a third party to ensure the effectiveness of our cybersecurity controls. We require employees to report IT security incidents to a Cyber Security Operations Center that operates 24 hours a day. Novartis has not experienced any material cybersecurity incidents in the three years through 2022.
Animal welfare
Animal research lies behind many recent medical advances, including cancer treatments, vaccines and drugs to treat neurological diseases such as epilepsy, schizophrenia and depression. It is a currently unavoidable part of medical science. Animal studies are also often required by health regulators to prove that medicines are safe and effective for humans.
Our animal research is governed by our Animal Welfare Policy, updated in 2022. This policy applies to all Novartis-sponsored studies, whether internal or external. As part of the policy, we are committed to applying the 3Rs rule – to reduce the number of animals needed in our studies, to refine study methods to minimize animals’ distress or pain and to replace animal studies with alternative options where possible. See "Performance indicators" for our 2022 animal research performance indicators.
In 2022, we recognized several award-winning projects that significantly advanced the 3Rs at Novartis, including one that replaced mice in rheumatoid arthritis studies with a novel human cell-based in vitro assay. We also launched a grant program to prospectively fund research projects to validate new alternatives to animal research, reduce animal numbers and improve the animals’ experience.
Transparency and disclosure
We attach great importance to being transparent about our activities and performance. In addition to our Annual Report and this Novartis in Society Integrated Report, we publish many of our internal policies, codes and guidelines, and provide quarterly updates on our financial and ESG performance. We also disclose our progress against the UN Global Compact principles, as well as our payments to healthcare professionals and patient organizations, our political contributions and the results from our clinical trials. For more information, see our corporate website.
Upholding our commitment to human rights
Over the years, we have worked to embed human rights in our business. In our Code of Ethics, we pledge to conduct our business in a manner that respects the rights and dignity of all people. In 2022, we updated our Human Rights Commitment Statement.
To ensure we live up to our commitments, we have a human rights management program, based on three pillars, aligned with the UN Guiding Principles on Business and Human Rights:
Due diligence
We conduct ongoing human rights due diligence across our business. We also make sure we have policies and management systems in place to support our commitments. Our suppliers and partners are regularly assessed and monitored against our Third Party Code and we collaborate with industry partners like the Pharmaceutical Supply Chain Initiative on topic-specific supply chain projects such as conflict minerals and child labor.
In 2022, we carried out an assessment of our global health program to assess compliance with international human rights standards. This assessment applied to specific functions within our global health program and was based on the Human Rights Guidelines for Pharmaceutical Companies in relation to Access to Medicines, issued in 2008 by the UN Special Rapporteur on the right to health. In addition, our human rights team worked with our pharmaceutical export business to conduct human rights risk assessments covering high-risk countries.
Empowerment
We work to provide access to effective grievance mechanisms for those who may have been affected by human rights abuses, primarily through our SpeakUp Office. In 2023, we plan to update our SpeakUp reporting tool to make the process of reporting a human rights grievance more accessible to third parties. We provide targeted training for employees in high-risk functions or locations – and raise awareness throughout the Group regarding the importance of respecting human rights.
Engagement
We engage with stakeholders to listen to their concerns, take collective action where it makes sense and regularly report our performance on human rights. We share actions taken to address the potential risk of conflict minerals, forced labor, child labor and other salient risks in our global supply chain through our annual UK and Australia Joint Modern Slavery Statement and other public disclosures.
Our human rights priorities
In 2022, we updated and streamlined our Human Rights Commitment Statement to focus on four priority areas, each aligned with the Novartis Code of Ethics. Below, we provide links to key policies and commitments relevant to each focus area.
Right to health
Key topics: Access to medicine; clinical trials; product quality; falsified medicines
Labor rights
Key topics: Freedom of association and collective bargaining; non-discrimination and equal treatment in employment; occupational health and safety; living wages; child labor; modern slavery including forced labor and human trafficking
Human rights & the environment
Key topics: Environmental impact of our operations and products over their lifecycle
Technology & human rights
Key topics: Responsible use of personal information; ethical use of artificial intelligence (AI)