Compliance
Our compliance programme is designed to be proactive and follows the elements and principles for effective compliance programmes established by regulators.
All employees are required to undergo regular e-learning compliance training on the Code of Conduct, anti-corruption and data privacy, with records kept of the training. Training on the Code of Conduct, anti-corruption and anti-bribery is mandatory every second year. All new employees are introduced to compliance as part of the induction programme.
Our employees are encouraged to report potential misconduct or unethical behaviour openly to their line management, Human Resources, Compliance or the Legal Department, or by using the Sobi compliance hotline, which is a whistleblowing hotline run by a third party to allow for anonymity. The Sobi compliance hotline is also available for external audiences via a link on our website. All reports made through the whistleblowing hotline are reviewed by compliance and are subject to investigation according to Sobi’s Investigation policy and followed up with the appropriate remediation measures.
Anti-corruption
The pharmaceutical industry is exposed to several corruption risks. It is a highly regulated sector with global operations, multiple interactions with government officials and the widespread use of third parties throughout the pharmaceutical value chain. We work actively to prevent any form of corruption.
Sobi's healthcare compliance programme includes system support to minimise the risk of corruption. This includes policies, mandatory training for customer-facing employees, as well as reporting and controls.
Monetary transactions and value transfers with healthcare providers and patient organisations follow local transparency initiatives, such as those under the European Federation of Pharmaceutical Industries and Associations Code, the US Sunshine Act and national transparency laws, and are made public on an annual basis on sobi.com. We publish Transfers of Value to healthcare providers in 37 (36) markets across Europe (including Russia and Ukraine), Asia, Australia, the Middle East, and the US.
Third-party risk management
Compliance and sustainability requirements on third parties are reflected in the Partner Code of Conduct. In addition, using a risk-based approach, all relevant third parties undergo due diligence screening in alignment with the policy on anti-corruption due diligence on third parties.
Data privacy
Data privacy is part of our Code of Conduct and is prioritised throughout the company. It is important that customers, clinical study subjects, employees and others that we interact with can trust that the company processes personal data in a responsible and secure manner.
We have implemented a data privacy programme to promote data privacy compliance. It includes the appointment of a Data Protection Officer (DPO), a global policy on the processing of personal data, procedures for responding to data breaches and data subject access requests, and monitoring procedures. In addition, data privacy champions have been appointed throughout our organisation to promote compliance and support the business.