Compliance risks

Compliance risk means any risk of legal or administrative penalties, financial losses or loss of reputation resulting from a failure of the Company to comply with applicable laws, regulations or other administrative provisions. The Group's compliance risk management ensures compliance with legislation and with the Company's own requirements. Orion expects all its personnel to comply with the Code of Conduct and the practices that follow from it. Correspondingly, the ethical guidelines of the Supplier Code of Conduct apply to Orion's third parties. The Orion Code of Conduct and the Supplier Code of Conduct cover a wide range of compliance issues, including the prohibition of corruption and bribery, established standards for labour, health and safety and environmental protection, and human rights issues.

The pharmaceutical industry is heavily regulated, and various licences are required to operate in it; Orion is no exception. Authorities audit compliance activities regularly, and Orion has to demonstrate and report on their implementation and management. Compliance with laws, regulations and other administrative provisions is very important and, in practice, part of normal daily work for many Orion employees. Most concretely, the requirements of the European Medicines Agency (EMA), the European Federation of Pharmaceutical Industries and Associations (EFPIA) and the Finnish Medicines Agency (FIMEA) are set out in internal work instructions (WI) and Standard Operating Procedures (SOP). The use and updating of work instructions and SOPs for the different areas of activity are managed in a separate system to which everyone has access.

Compliance risks are associated with almost everything Orion does, so responsibility for compliance risk management lies with the business. Orion's compliance activities are decentralised across various functions. Their purpose is to follow regulations, communicate them, draw up the Company's own guidelines based on them, and monitor and report on their implementation. The majority of this work is done by Orion's quality function, the pharmacovigilance and regulatory departments, the EHS (Environment, Health and Safety) function, internal audit and the legal department.

Training and awareness raising are the most important measures for mitigating compliance risks. To build awareness of compliance risks, rules and ethical practices, anti-corruption and anti-bribery online training is mandatory for selected personnel. The Company ensures that the training is completed by all employees for whom it is mandatory. The GDPR online course is aimed at Orion's entire staff; approximately 70% of all staff completed it in 2018. For reporting any misconduct, Orion has a public whistleblowing channel that complements the usual communication and reporting channels. The channel promotes good governance and ethical operations, and processes are improved after any reported incident.