Compliance risks

Compliance risk means any risk of legal or administrative penalties, financial losses or loss of reputation as a result of a failure of the Company to comply with the applicable laws, regulations or other administrative provisions. The Group's compliance risk management ensures compliance with legislation and with the Company's own requirements. Orion expects all its personnel to be familiar with and comply with the Code of Conduct. Correspondingly, the ethical guidelines of the Third Party Code of Conduct apply to Orion's third parties. The Orion Code of Conduct and the Third Party Code of Conduct cover a wide range of compliance issues, including the prohibition of corruption and bribery, established standards for labour, health and safety and environmental protection, and human rights issues.

The pharmaceutical industry is heavily regulated, various licences are needed to operate in it, and Orion is no exception. Authorities audit compliance activities regularly, and Orion has to demonstrate and report on its implementation and management of compliance. Compliance with laws, regulations and other administrative provisions is very important and, in practice, part of normal daily work for many Orion employees. Most concretely, the requirements of both the European Medicines Agency (EMA) and the Finnish Medicines Agency (FIMEA) are described in internal work instructions (WI) and Standard Operating Procedures (SOP). In addition, Orion applies in its internal guidelines the requirements of the European Federation of Pharmaceutical Industries and Associations (EFPIA). The use and updating of internal work instructions and Standard Operating Procedures for the different areas of activity are managed in a separate system to which everyone has access.

Compliance risks are associated with almost everything Orion does, so responsibility for compliance risk management lies with different functions. Orion's compliance activities are decentralised to various functions, whose purpose is to follow regulations, inform about them and draw up the Company's own guidelines based on them, as well as to monitor and report on their implementation. The majority of this work is done by Orion's quality function, the pharmacovigilance and regulatory departments, the EHS (Environment, Health and Safety) function, internal audit and the legal department.

Training and awareness raising are the most important measures to mitigate compliance risks. To be aware of and raise awareness of compliance risks, rules and ethical practices, anti-corruption and anti-bribery online training is mandatory for selected personnel. The Company ensures that the training is completed by all employees for whom it is mandatory. There is also a GDPR online course available to all Orion personnel, which is completed by all personnel involved in the processing of personal data. For reporting any misconduct, Orion has a public whistleblowing channel that complements the usual communication and reporting channels. The channel promotes good governance and ethical operations, and processes are improved after any reported incident.