Novartis in Society Integrated Report 2022

Ethics, risk and compliance

To meet the expectations society has of our industry, we strive to maintain high ethical standards, manage risk effectively and ensure we comply with applicable laws and regulations. In addition, we work to uphold human rights and reduce social and environmental risk throughout our value chain. To support our approach, we encourage employees to take personal accountability for their decisions.

Annie Hilliard, an employee in our Global Drug Development organization.

Our Code of Ethics

The healthcare industry deals with ethical questions every day – for example on affordability and access to medicines, or how to protect patients’ sensitive personal data. Many of these issues go to the heart of our strategy as a focused medicines company.

Our approach to managing ethical decisions is based on our Code of Ethics, which applies to all Novartis employees. This Code sets out commitments in 23 areas that are applicable across our business, codifying who we are, what we stand for and the principles to which we hold ourselves accountable. We conduct an annual global ethics survey to measure our progress in embedding our Code across our organization (see "Maintaining high ethical standards").

Managing risk

Our strategy as a focused medicines company creates both opportunities and risks for our business. Many of these risks relate to our business environment, such as the uncertainty inherent in research and development or increasing societal expectations of our industry. Effectively managing these risks is critical to achieving our strategic goals and creating value for our stakeholders and society.

Our Enterprise Risk Management (ERM) framework is designed to generate a holistic view of risks for the company and drive a culture of smart risk-taking. It ensures that effective risk management is integrated into our significant activities and helps us better understand our risk exposure by providing increased transparency for leaders on how our key threats and opportunities are evolving throughout the year.

Our annual ERM process results in the Novartis Risk Compass, which helps our Board of Directors and senior management focus on key risks and align strategy with risk exposure.

Risks are grouped into three categories: strategic, operational and emerging. Risks are rated on a four-point scale – very high, high, medium, low – based on their likelihood and potential impact, using the ‘most-probable worst-case’ scenario for each risk as a reference point. Once key risks are identified, mitigation plans are created.

In addition to the three categories described above, we identify separate “awareness topics” that we believe may become new risks over time. Awareness topics are not rated. We regularly monitor risks and revise our assessments, if necessary.

Novartis Risk Compass

Risk governance

The effectiveness of risk management depends on its integration into the governance of the organization, including strategy-setting and decision-making. This requires involvement and support from management and governance bodies at different levels of the company:

  • The Risk Committee of the Board of Directors oversees the risk management system and processes within Novartis. Together with senior management, this body revises the prioritization of risks, the risk portfolio and actions implemented by management, and performs ad hoc reviews of key risk areas.
  • The ECN regularly assesses risks and fosters a culture of risk awareness, in line with the Novartis Values and Behaviors and the Novartis Code of Ethics. The overall ERM process is the responsibility of the Chief Ethics, Risk & Compliance Officer. The CEO reviews and validates the annual Novartis risk portfolio, while members of the ECN are appointed as risk owners for relevant strategic risks.
  • These bodies are supported by the Risk & Resilience organization, which is part of the Ethics, Risk & Compliance (ERC) function and manages the ERM process, as well as risk leaders from key markets and functions.

Risks in 2022

Our risk portfolio in 2022 comprises 16 risks. Of these, six are categorized as strategic, seven as operational and the remaining three as emerging. In addition, we have identified two awareness topics.


While the majority of risks remain the same as in 2021, changes in our external environment over the past year – such as the war in Ukraine and an increasingly negative global macroeconomic outlook – have exacerbated some risks and given rise to new ones. In addition, the decisions to spin off our Sandoz Division and transform our organizational structure have influenced our risk portfolio due to the significant nature of these changes.

Novartis 2022 risk portfolio

The table below sets out our full risk portfolio for 2022. See the table further below for more details on our six strategic risks.


Strategic Risks

  • Key products and commercial priorities

    Failure to deliver key commercial priorities and successfully launch new products

  • Research and development

    Failure to successfully prioritize, integrate and execute our research and development programs for new products or new indications for existing products, given our focus on innovative medicines

  • Pricing, reimbursement and access

    Pricing and reimbursement pressure, including pricing transparency and access to healthcare

  • Alliances, acquisitions and divestments

    Failure to identify, execute, and/or realize the expected benefits from our external business opportunities

  • Strategic transformations

    Failure to meet organizational transformation programs objectives and/or unintended adverse impacts on our business

  • Environmental, social and governance matters

    Failure to meet environmental, social and governance expectations

Operational Risks

  • Cybersecurity and IT systems

    Cybersecurity breaches, data loss, and catastrophic loss of IT systems

  • Fragmented IT landscape and strategic technology programs implementation

    Failure to address fragmented business processes, unclear data ownership, and IT applications and infrastructure nearing their end-of-life may disrupt our core business processes

  • Talent management

    Inability to attract, retain and motivate qualified individuals in key roles and markets

  • Third-party management

    Failure to maintain adequate governance and oversight over third party relationships, and failure of third parties to meet their contractual, regulatory or other obligations

  • Legal, ethics and compliance

    Challenges posed by evolving legal and regulatory requirements and societal expectations regarding ethical behavior

  • Manufacturing and product quality

    Inability to ensure proper controls in product development and product manufacturing, and failure to comply with applicable regulations and standards

  • Supply chain

    Inability to maintain continuity of product supply

Emerging Risks

  • Geopolitical developments

    Impact of geo- and socio-political threats

  • Macroeconomic developments

    Impact of macroeconomic developments

  • Climate change

    Impact of climate change and increased risk of major natural disasters

Awareness Topics

  • Antimicrobial resistance and pandemics

    Rise of antimicrobial resistance could potentially create future pandemics and impact the performance of certain Novartis products (e.g., oncology)

  • Falsified medicines

    Impact of falsified medicines on patient safety, and reputational and financial harm to Novartis and our products

Novartis risk ratings (Graphic)

Strategic risks in focus

The table below provides an overview of our six strategic risks. Further information on our risk portfolio can also be found in the Novartis Annual Report.

Risk rating: Very high, High, Medium, Low




Deliver high-value medicines

Key products and commercial priorities

Failure to deliver key commercial priorities and successfully launch new products

Our ability to grow our business depends on the commercial success of key products. Their success could be impacted by a number of factors, including pressure from new or existing competitive products; changes in the prescribing habits of healthcare professionals; unexpected side effects or safety signals; supply chain issues or other product shortages; pricing pressures; regulatory proceedings; changes in labeling; loss of intellectual property protection; and global pandemics.

  • We are focusing our commercial strategy on eight priority brands / launch assets across five core therapeutic areas, as well as four priority geographies (US, Germany, China, Japan).

  • We also continue to evolve our customer engagement model to combine traditional face-to-face visits with virtual engagements with healthcare professionals. We are similarly changing our approach to partnering with healthcare systems, payers and other healthcare providers.

Research and development

Failure to successfully prioritize, integrate and execute our research and development programs to develop new products or new indications for existing products, given our focus on innovative medicines

We engage in costly, lengthy and uncertain R&D activities, both independently and in collaboration with third parties, to identify and develop new products and new indications for existing products. Failure can occur at any point, including after substantial investment. New products must undergo intensive preclinical and clinical testing. Further, regulatory authorities continue to establish new and increasingly rigorous requirements for approval and reimbursement. The post-approval regulatory burden has also increased.

  • As with our commercial strategy, we have clear priorities in R&D. We focus on five technology platforms: two established platforms (chemistry and chemical biology; biotherapeutics) plus three advanced platforms (RNA therapy; radioligand therapy; gene and cell therapy).

  • We seek to enter into agreements with other pharmaceutical and biotechnology companies and with academic and other institutions to develop new medicines.

  • We are also accelerating the use of data science and digital technology to make the drug discovery and development process more efficient and effective.

Embed operational excellence

Alliances, acquisitions and divestments

Failure to identify, execute, and/or realize the expected benefits from our external business opportunities

As part of our strategy, we acquire and divest products or entire businesses, and enter into strategic alliances and collaborations. This strategy depends in part on our ability to identify strategic opportunities, value them appropriately and competitively and close transactions with third parties. Efforts to develop and market acquired products, to integrate acquired businesses or to achieve expected synergies may fail or may not fully meet expectations. Also, our strategic alliances and collaborations with third parties may not achieve their intended goals and objectives.

  • We established a new Strategy and Growth function to help drive our growth strategy end-to-end, including establishing an enterprise-level business development and M&A strategy to help identify external opportunities that align with our strategy.

  • We are also enhancing our due diligence approach, for example by strengthening risk assessments in areas such as advanced therapies.

Strategic transformations

Failure to meet organizational transformation programs objectives and/or unintended adverse impacts on our business

In 2022, we announced a new organizational structure and operating model designed to support our innovation, growth, and productivity ambitions as a focused medicines company (Transforming for Growth). We also announced our intention to separate our Sandoz Division into a new publicly traded standalone company, by way of a 100% spin-off in order to maximize shareholder value. The significant nature of these organizational changes, and the additional workload and complexity for our employees in some areas, could potentially result in instability within the organization that may lead to failure to achieve the desired benefits.

  • We established a dedicated transformation team for Transforming for Growth, which reports to our Executive Committee, while also putting in place measures to help employees and leaders manage through this significant reorganization of our business.

  • Ahead of the proposed Sandoz spin-off, we are working to strengthen Sandoz’s capabilities in functions that are currently shared and begin the separation of function-, country- or site-level dynamics. Sandoz is also considering plans to strengthen its development and manufacturing capabilities.

Strengthen our foundations

Pricing, reimbursement and access

Pricing and reimbursement pressure, including pricing transparency and access to healthcare

We experience increasing pressure on our ability to obtain and maintain satisfactory rates of reimbursement from governments, insurers and other payers. These pressures have many sources, including rising healthcare costs (exacerbated by the COVID-19 pandemic); funding restrictions and policy changes; and public controversies, debate, investigations and legal proceedings around pharmaceutical pricing. Such pressures may impact product pricing and market access. We also face price controls and other measures imposed by governments and other payers. In addition, our Sandoz Division faces continued price erosion in the generics and biosimilars segment.

  • We are increasing efforts to enable patient access through innovative pricing and access initiatives in the US, Europe and other markets, including contract structures such as pay-over-time and outcome-based agreements.

  • We also continue to execute against access-to-medicine and global health targets. These targets are backed by a sustainability-linked bond, which embeds them into the core of our business operations.

Environmental, social and governance matters

Failure to meet environmental, social and governance expectations

An inability to successfully perform on ESG matters may have negative effects on our recruitment and retention of employees, as well as on our operations, financial results, reputation, and/or share price. Examples include failing to meet our access-to-medicines commitments or ensuring that third parties in our value chain comply with ESG requirements. We may also fail to meet evolving ESG due diligence and reporting regulations.

  • We regularly review our ESG strategic roadmap to ensure commitments are on track and latest developments are incorporated. We also monitor ESG regulatory changes and set up internal governance and processes to be compliant with regulatory requirements.

Third-party risk assessments

We established a third-party risk management (TPRM) framework in 2019 to help identify and manage risks when interacting with third parties. In 2022, we extended our TPRM program to perform risk assessments on wholesalers and distributors in addition to vendors and suppliers.

Our TPRM framework is supported by our Third Party Code, which we recently updated to specify human rights due diligence and environmental sustainability expectations from third parties. We have also introduced guides to help procurement teams buy more of our supplies from certified sources.

Novartis is a member of the Pharmaceutical Supply Chain Initiative (PSCI). Our Third Party Code is consistent with the PSCI’s principles for responsible supply chain management.

Complying with laws, regulations and controls

We operate in a highly regulated industry. Making sure we comply with laws and regulations is important to secure the trust of both regulators and the wider public.

We have a comprehensive compliance management system, developed in line with external standards (e.g., those issued by the OECD), which helps us to prevent, detect and correct systemic misconduct. The aim of this system is to ensure compliance not only with laws and regulations, but also with our own internal policies and controls. In 2022, we conducted a review of our Compliance Evaluation Program, supported by an external non-profit organization focused on governance and anti-corruption.


We work to detect and prevent misconduct. Where evidence of misconduct is found, we take swift and appropriate action. Our programs are supported by our SpeakUp Office, which allows employees and external parties to raise concerns about potential misconduct in confidence (see "Maintaining high ethical standards").

Anti-bribery policies and practices

Novartis does not tolerate any form of bribery and/or corruption. Our Anti-Bribery Policy, Professional Practices Policy and Conflict of Interest Policy outline our expectations for all employees. We also clearly set out our standards in our Code of Ethics. Bribery risks in our supply chain are addressed by our Third Party Code and Anti-Bribery Third Party Guideline. The Third Party Code is an integral part of every supplier contract.

Working with Norges Bank Investment Management (NBIM), we helped develop a reporting standard on anti-bribery for the pharmaceuticals industry. The resulting expectation document issued by NBIM, which is based on principles such as the United Nations (UN) Global Compact and the OECD Guidelines for Multinational Enterprises, formed the basis of our first dedicated anti-bribery report published in early 2022. We plan to report on a regular basis.

Internal Audit

Internal Audit assists the Board of Directors and the ECN by providing independent assurance and advice on the effectiveness, efficiency and adequacy of processes and controls that support Novartis in achieving its strategy, managing major risks, and ensuring compliance with applicable policies, laws and regulations. To ensure its independence, our Internal Audit sits outside the ERC function; it works according to an audit plan approved by the Board’s Audit and Compliance Committee. During 2022, Internal Audit carried out 63 audits, reviews and advisories relating to both our own operations and our suppliers. These audits include the review of ethical standards.

Product quality and patient safety

We have extensive policies, systems and controls in place to protect patient safety. These relate primarily to two areas: product quality and pharmacovigilance.

To ensure product quality, we maintain a robust quality management system for our medicines in full compliance with requirements from health authorities and other regulators. We have manufacturing licenses and relevant ISO and Good Manufacturing Practice (GMP) certificates for all our manufacturing, medical devices, supply and distribution operations, issued after inspections by regulators such as the US Food and Drug Administration (FDA), the European Medicines Agency (EMA), the Japanese Pharmaceuticals and Medical Devices Agency (PMDA), the World Health Organization (WHO) and Swissmedic.

We conduct thorough investigations whenever there is any evidence of deviation from these standards, or if we detect failures in our manufacturing processes. We conduct comprehensive quality and safety training for employees and third parties. We require all employees involved in manufacturing, supply and distribution to attend at least two annual training sessions on quality standards. All third parties providing services or goods manufactured to good practice standards are required to have their own quality assurance and formal training process. Furthermore, we are regularly audited on our training procedures, and training is also included in our audits for third parties.

Following regulatory guidance (including FDA and EMA recommendations) we monitor chemical and biological medicines for impurities, including those classified as “probable human carcinogens” (e.g., nitrosamines). Any product identified with a potential risk undergoes further evaluation and risk management, with results submitted to the relevant health authorities as required.

Pharmacovigilance involves monitoring the safety of our drugs both during development and in the commercial setting. This enables us to detect any adverse effects that may emerge at any stage of the drug’s lifecycle. In accordance with international regulations, we share periodic safety reports with the relevant health authorities and maintain current benefit-risk analyses for our medicines.

We also support education programs for patients, providers and pharmacists, and provide regular training to employees in adverse event reporting. For some medicines, post-approval studies may be conducted to collect more data on possible long-term or adverse effects.

Health, safety & environment (HSE)

We work to maintain a safe and healthy environment at all our facilities. To achieve this, we have an integrated HSE management system. Every year, we carry out a comprehensive assessment to ensure compliance with all relevant laws, regulations and internal standards. We also have extensive health and safety programs that cover a broad spectrum of work-related hazards.

To monitor progress, we set annual HSE targets, investigate all safety incidents, including “near-misses”, and encourage employees to report all incidents. Novartis sites are subject to inspection by health, safety and environmental regulators. In addition, we require sites to carry out regular self-assessments; a dedicated team conducts more focused audits on a 3- to 5-year cycle.

We are also committed to protecting contractors’ safety: we assess outside contractors and make sure they have the right resources and procedures in place to be working at our sites. Supplier contracts include specific occupational health and safety criteria.


As reflected in our Code of Ethics, we are committed to the responsible use of information in our business processes, including personal information, and we adhere to appropriate standards to achieve this purpose. We have robust governance, processes and policies in place to ensure the security of our data and IT systems. All Novartis employees participate in annual mandatory training in information management.

To prevent IT system interruptions, Novartis has risk-based services continuity and systems recovery plans in place, which are tested periodically. We also conduct ongoing internal vulnerability analyses (including simulated hacking) as well as external testing via a third party to ensure the effectiveness of our cybersecurity controls. We require employees to report IT security incidents to a Cyber Security Operations Center that operates 24 hours a day. Novartis has not experienced any material cybersecurity incidents in the three years through 2022.

Animal welfare

Animal research lies behind many recent medical advances, including cancer treatments, vaccines and drugs to treat neurological diseases such as epilepsy, schizophrenia and depression. It is a currently unavoidable part of medical science. Animal studies are also often required by health regulators to prove that medicines are safe and effective for humans.

Our animal research is governed by our Animal Welfare Policy, updated in 2022. This policy applies to all Novartis-sponsored studies, whether internal or external. As part of the policy, we are committed to applying the 3 R’s rule – to reduce the number of animals needed in our studies, to refine study methods to minimize animals’ distress or pain and to replace animal studies with alternative options where possible. See "Performance indicators" for our 2022 animal research performance indicators.

In 2022, we recognized several award-winning projects that significantly advanced the 3Rs at Novartis, including one that replaced mice in rheumatoid arthritis studies with a novel human cell-based in-vitro assay. We also launched a grant program to prospectively fund research projects to validate new alternatives to animal research, reduce animal numbers and improve the animals’ experience.

Transparency and disclosure

We attach great importance to being transparent about our activities and performance. In addition to our Annual Report and this Novartis in Society Integrated Report, we publish many of our internal policies, codes and guidelines, and provide quarterly updates on our financial and ESG performance. We also disclose our progress against the UN Global Compact principles, as well as our payments to healthcare professionals and patient organizations, our political contributions and the results from our clinical trials. For more information, see our corporate website.

Upholding our commitment to human rights

Over the years, we have worked to embed human rights in our business. In our Code of Ethics, we pledge to conduct our business in a manner that respects the rights and dignity of all people. In 2022, we updated our Human Rights Commitment Statement.

To ensure we live up to our commitments, we have a human rights management program, based on three pillars, aligned with the UN Guiding Principles on Business and Human Rights:

Due diligence

We conduct ongoing human rights due diligence across our business. We also make sure we have policies and management systems in place to support our commitments. Our suppliers and partners are regularly assessed and monitored against our Third Party Code and we collaborate with industry partners like the Pharmaceutical Supply Chain Initiative on topic-specific supply chain projects such as conflict minerals and child labor.

In 2022, we carried out an assessment of our global health program to assess compliance with international human rights standards. This assessment applied to specific functions within our global health program and was based on the Human Rights Guidelines for Pharmaceutical Companies in relation to Access to Medicines, issued in 2008 by the UN Special Rapporteur on the right to health. In addition, our human rights team worked with our pharmaceutical export business to conduct human rights risk assessments covering high-risk countries.


We work to provide access to effective grievance mechanisms for those who may have been affected by human rights abuses, primarily through our SpeakUp office. In 2023, we plan to update our SpeakUp reporting tool to make the process of reporting a human rights grievance more accessible to third parties. We provide targeted training for employees in high-risk functions or locations – and raise awareness throughout the Group regarding the importance of respecting human rights.


We engage with stakeholders to listen to their concerns, take collective action where it makes sense and regularly report our performance on human rights. We share actions taken to address the potential risk of conflict minerals, forced labor, child labor and other salient risks in our global supply chain through our annual UK and Australia Joint Modern Slavery Statement and other public disclosures.

Our human rights priorities

In 2022, we updated and streamlined our Human Rights Commitment Statement to focus on four priority areas, each aligned with the Novartis Code of Ethics. Below, we provide links to key policies and commitments relevant to each focus area.

Right to health

Key topics

Access to medicine; clinical trials; product quality; falsified medicines

Labor rights

Key topics

Freedom of association and collective bargaining; non-discrimination and equal treatment in employment; occupational health and safety; living wages; child labor; modern slavery including forced labor and human trafficking

Human rights & the environment

Key topics

Environmental impact of our operations and products over their lifecycle

Technology & human rights

Key topics

Responsible use of personal information; ethical use of artificial intelligence (AI)
