
Compliance risks

Compliance risk means any risk of significant negative consequences because of a failure of the Company to comply with applicable regulation, other compliance requirements or the Company's own commitments. Depending on the nature and severity of non-compliance, the negative consequences of compliance risks can include, for example, human rights violations, legal or administrative penalties, financial losses or loss of reputation. The Group's compliance is ensured by implementing the Corporate Compliance Program and Group-level compliance risk management.

Code of Conduct guides all activities

Orion expects all its personnel to be familiar with and comply with the Code of Conduct and the practices resulting from it. Correspondingly, the ethical guidelines of the Third Party Code of Conduct apply to Orion's suppliers and partners. The Orion Code of Conduct and the Third Party Code of Conduct cover a wide range of compliance issues, including the prohibition of corruption and bribery, established standards for labour, health and safety and environmental protection, and human rights issues.

The pharmaceutical industry is highly regulated

The pharmaceutical industry is well regulated, and different licenses are needed to work in the industry; this applies to Orion as well. Authorities audit compliance activities regularly, and Orion has to prove and report its implementation and management. Compliance with laws and other regulations is very important and, in practice, part of normal daily work for many Orion employees. Most concretely, the requirements of both the European Medicines Agency (EMA) and the Finnish Medicines Agency (FIMEA) are described in different internal work instructions (WI) and Standard Operations Procedures (SOP). In addition, Orion applies the requirements of the European Federation of Pharmaceutical Industries and Associations (EFPIA) in its internal guidelines. The use and updating of internal work instructions and Standard Operations Procedures for different areas of activity are managed in a separate system that everyone has access to.

Compliance risk management at Orion

Compliance risks are associated with almost everything Orion does, so responsibility for compliance risk management lies with different functions. Orion's compliance activities are decentralized to various functions. Their purpose is to follow regulations, inform about them and draw up the company's own guidelines based on them, as well as to monitor and report on their implementation. The majority of this work is done by Orion's quality management function, pharmacovigilance and regulatory departments, EHS (Environment, Health and Safety) function, internal audit and legal department.

The company trains its personnel

Training and awareness are the most important actions in managing compliance risks. Orion regularly and systematically trains and orients its personnel to understand the purpose and meaning of the Code of Conduct and the anti-bribery and corruption guidelines. Code of Conduct e-learning is mandatory for all personnel. For a targeted portion of the personnel, anti-corruption and anti-bribery online training is also mandatory. The Company ensures that each training is completed by all employees for whom it is mandatory. There is also a GDPR online course for all Orion personnel, taken by all personnel involved in the processing of personal data.

Orion has a public and confidential reporting channel for suspected misconduct, which complements the usual reporting and notification channels. The centralized reporting channel and investigation process promote good governance and ethical conduct, and ensure that reports are handled in a systematic manner. Orion encourages its personnel and other stakeholders to bring to the attention of the company's management their experiences, observations, and suspicions of any behaviour that violates human rights or any other guidelines. Orion investigates and processes reports promptly and impartially through the Group's Compliance function. The company takes case-by-case corrective action when it detects non-compliant behavior.