ETHICAL PRINCIPLES ARE ARTICULATED AND SHARED ORGANIZATIONWIDE THROUGH A SERIES OF CORPORATE POLICIES
Honesty, ethics, transparency, integrity and compliance underpin Grifols’ operations and its commitment to stakeholders. These principles have guided the company since its origins.
Leading by example, the Board of Directors and senior management team ensure these values are manifested in Grifols’ corporate culture throughout the organization.
These principles underscore Grifols’ corporate policies, which aim to surpass legal and compliance mandates (see Chapter 2 on “Corporate Governance” for more details).
Grifols’ Code of Ethics for Executives and Board of Directors, Code of Conduct, CrimePrevention Policy and Anti-Corruption Policy serve as the mainstays of its compliance program. This program is complemented by other policies and procedures related to concrete legal domains, compliance risks and country-specific requirements.
The group’s ethical principles are gathered in the Grifols’ Code of Conduct, which applies to all directors, employees, executives and administrative bodies, including Grifols subsidiaries. The Code of Conduct establishes the rules and guidelines that govern all Grifols employees in performing their duties and managing professional relationships. The Board of Director approves the Grifols’ Code of Conduct. The code was last revised and updated in 2015 to adapt to the company’s growth and global expansion.
GRIFOLS EMPLOYEES CAN CONFIDENTIALLY REPORT INSTANCES OF IMPROPER CONDUCT OR CASES OF NONCOMPLIANCE
The Code of Conduct encourages employees and third parties to use the Grifols Ethics Helpline to confidentially raise concerns of non-compliance or misconduct.
All allegations follow a standard operating procedure to guarantee that all claims are adequately investigated, resolved and closed.
Grifols has appointed an Ethics Ombudsperson to safeguard the correct implementation of this process. The ombudsperson reviews all submissions, determines if they warrant an investigation and ensures that compliance-related allegations and complaints are properly channeled and investigated.
The Grifols Ethics Helpline received 230 allegations in 2018 (170 allegations in 2017). The company encourages the use of the helpline in all of its countries of operation.
Grifols does not tolerate retaliation of any kind against those who in good faith report violations of applicable laws, rules and regulations, or non-compliance with internal policies and procedures. Retaliation may result in disciplinary action, including termination of employment.
Grifols Ethics Helpline: http://grifols.ethicspoint.com
Grifols is a global company fully committed to compliance with all applicable laws, rules and regulations wherever it does business. The compliance program includes policies and procedures to promote ethical conduct and compliance with anti-corruption regulations throughout the organization (Ethics & Compliance).
The Anticorruption Compliance Function is managed by the Global Chief Compliance Officer (GCCO), whose principal responsibility is to assure that Grifols’ global anticorruption policies and procedures comply with all applicable anticorruption laws, rules and regulations. The Global Chief Compliance Officer reports to the Board of Directors through the Audit Committee.
The Local Compliance department provides support in managing and coordinating the Anticorruption Compliance Function through the group’s affiliates. To this extent, the Global Compliance department maintains Local Compliance duly informed on any new activities regarding training, policies and procedures, as well as in regard to any change that could impact Grifols affiliates worldwide. This management and coordination activities by Local Compliance also include the continuous and systematic monitoring of any specific aspect that may need to be legally complied with on a local level by the affiliates, and that, in turn, may imply the need to adapt the Global Compliance program accordingly and if necessary.
The integrated IT system launched in 2017 for Anticorruption Compliance related matters, continues its rollout throughout the Grifols affiliates to continue improving the efficiency of compliance review processes on the interactions of Grifols’ staff with healthcare professionals and organizations.
In 2018, Grifols’ Board of Directors approved the crime-prevention policy to reinforce the company’s unequivocal rejection of the commission of crimes, criminal acts or any other type of unethical behavior, and its steadfast determination to prevent and combat these actions.
The crime prevention policy is available to all employees and third parties on the Grifols’ corporate website. The policy was developed through the Crime Risk Management System, or CRMS.
The objective of the CRMS is to assure public administrations, judicial and administrative, as well as third parties, that Grifols effectively exercises the requisite supervision, monitoring and control over board members, executives, employees, subsidiaries and other individuals by establishing measures to prevent crime or reduce their risk of commission.
An independent expert reviews the CRMS every year to ensure that its crime-prevention system complies with current legislation and includes adequate and efficient measures to prevent and detect crime, both in terms of its design and operational effectiveness.
Grifols’ Anti-Corruption and Crime-Prevention Policies are both available on our website: www.grifols.com
Grifols Anticorruption Policy, approved by the Audit Committee of the Board of Directors, applies to all of the employees of Grifols, S.A., and its affiliates and participated companies, as well as to third parties that collaborate with the company.
The Policy sets forth appropriate standards of conduct for interactions with government officials and other identified individuals who operate within the private sector, and is available to all employees and third parties through the corporate website. Anticorruption training is required periodically for both the current staff and newcomers at Grifols. Further, those employees who, on account of their roles and responsibilities within the company, interact more frequently with government officials or have a role relating, in general, to the commercialization of Grifols’ products or services, are subject to additional reinforced training.
Compliance with the Anticorruption Policy is further reinforced through various review processes designed on account of the different types of interactions that may take place, and which are assumed by Global Compliance.
5,038 interactions among employees and government officials or other professionals were reviewed during 2018, with a particular attention on those transactions with a greater risk.
Grifols applies a “zero tolerance” approach to acts of bribery and corruption by any and all members of the company and third parties. Violations of Grifols Anticorruption Policy may lead to disciplinary actions up to and including termination. In 2018, Grifols had no confirmed incidents of corruption in the markets where it operates.
At 31 December 2018, more than 86% of employees who, on account of their roles and responsibilities, are more likely to run the risk of facing acts of corruption, have received specific training on the Anticorruption Policy and rest of internal controls that sustain it. Out of these, more than 56% were trained during 2018.
Further to the continuous and periodic training on the anticorruption compliance program’s policies and procedures, Global Compliance is in permanent contact with Grifols’ employees to inform them on its policies and procedures, especially on related changes or novelties, or on any material anticorruption-related resolutions issued by government or judicial authorities, such as the US Department of Justice or the Spanish tribunals among others, that support the continuous enhancement of an ethical culture within the organization.
The third party anticorruption management program that forms part of the global Anticorruption Compliance Program, includes a series of controls on those third parties with whom Grifols intends to maintain a commercial relationship.
To this extent, before initiating the commercial relationship, these third parties are subject to an exhaustive verification process, with a first phase through which the legitimacy of the engagement is cleared and, with a second phase, of Due Diligence, consisting in verifying the good standing of third party’s organization and key employees, its way of doing business and its reputation.
Furthermore, the subsequent contracts entered into with such third parties include anticorruption related undertakings, as well as an annex summarizing Grifols Anticorruption Policy. Likewise, they are required to provide, at least annually, with a certification on having fully complied with the ethical standards that sets forth the Anticorruption Policy and, certain third parties are also required to receive specific anticorruption training.
Within the third party management program enhancement project initiated in 2017, during 2018 Global Compliance has focussed in revaluating the third party monitoring process, which ultimate objective is to re-channel all activities that, both actively and reactively, aim at minimizing the risks derived from any conduct that could violate the Anticorruption Policy and that could be identified during the duration of any third party commercial relationship.
GRIFOLS COLLABORATES WITH THE COMPETENT AUTHORITIES IN THE FIGHT AGAINST MONEY LAUNDERING AND THE FINANCING OF TERRORIST ACTIVITIES
Grifols has mechanisms, procedures and policies to prevent money laundering and respond to any possible breaches detected in the course of the company’s business dealings.
The Code of Ethics, Code of Conduct Conduct and Crime Prevention Policy include measures for the prevention of money laundering applicable all Grifols’ employees and activities.
As part of the CMR’s criminal risk analysis, Grifols has evaluated its exposure to the risks of money laundering and terrorist financing, identifying the activities with greater risk and identifying the main mechanisms of existing mitigating control.
Some of the aforementioned policies and procedures permit taking concrete actions to detect the risk of money laundering.
The company has a communication channel open to employees and third parties to confidentially report any concerns of possible ethical misconduct (Grifols Ethics Helpline).
Grifols has a reaction and response protocol, as well as a sanctions system, to amend any claims of unethical behavior or irregularities using all means possible, and if necessary, take corrective actions to prevent them from happening in the future. Grifols also collaborates with the competent authorities in each country to combat money laundering and the financing of terrorist activities. To this end, it is committed to providing all information requested in accordance with current legislation and reporting any suspicious transactions.
PROVIDING INFORMATION IN A CLEAR, CONCISE, HONEST AND ETHICAL MANNER CONTRIBUTES TO GREATER TRANSPARENCY
Grifols stresses the importance of transparency in all of its business operations and financial activities. A transparent organization encourages the ethical behavior of its employees and reduces the risk of illicit actions or conducts.
The company does its utmost to promote transparency among its main stakeholder groups, as well as disclose information in a clear, concise, honest and ethical manner.
Interactions between the healthcare industry and professionals have an unequivocally positive impact on enhancing patient care and research by creating value and advancing the efforts of all parties involved.
As a global leader in the healthcare sector, Grifols has broad experience and knowledge about patient behavior and disease management. The company’s interactions with healthcare professionals and organizations undoubtedly expand and enrich this body of knowledge.
The ability to tap this body of knowledge plays a key role in guiding the global healthcare industry, enhancing patient care and expanding treatment options. For this reason, Grifols believes healthcare professionals and organizations should be duly compensated for their contributions, such as the services provided to the healthcare sector. Transparency and integrity should underpin these interactions.
In the United States, the Open Payment Program or Transparency Reports and Reporting of Physician Ownership or Investment Interests (Sunshine Act) requires manufacturers of pharmaceutical products, biological products, medical devices and medical supplies to itemize all information relating to payments and other transfers of value made to specific healthcare practitioners and organizations, such as physicians and teaching hospitals. The Sunshine Act also requires applicable manufacturers and group purchasing organizations to report certain physician ownership or investment interests. The Centers for Medicare & Medicaid Services (CMS) extracts and publishes information from these reports, including amounts transferred and names of reported healthcare practitioners and organizations.
Grifols has a specific policy and procedure in place regarding its transparency program to ensure compliance with U.S. federal and state reporting obligations.
In 2019, the company will implement a new transparency-training program for new and present employees whose responsibilities include interactions with healthcare organizations or healthcare professionals. The company also plans to establish a quarterly sub-certification process to promote data integrity, continue its compliance with external transparency requirements and enhance the certification of decisionmakers to ensure that accountability is evenly spread throughout the organization on a global scale.
In Europe1, Grifols voluntarily adopted the practices outlined in the European Federation of Pharmaceutical Industries and Associations (EFPIA) Disclosure Code for the third consecutive year. The company complies with all relevant countryspecific transparency norms where they exist, including France, Portugal and Slovakia. Grifols also adheres to trade-association requirements in its countries of operation, such Germany and Italy.
1. European countries covered by the EFPIA Disclosure Code: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Malta, Norway, the Netherlands, Poland, Portugal, Romania, Russia, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine and United Kingdom.
In line with its commitment to transparency, Grifols has made these principles extensive to all its divisions and operations, beyond those covered under the EFPIA protocol, which is specific to medicines. As a member of MedTech Europe, Grifols also applies the Code of Business Practice transparency guidelines of this European trade association.
GRIFOLS HAS VOLUNTARILY COMMITTED TO PUBLICLY DISCLOSING TRANSFERS OF VALUE MADE TO HEALTHCARE PROFESSIONALS AND ORGANIZATIONS
Grifols’ commitment to transparency is detailed on the corporate website. The company discloses all information related to transfers of value by country in accordance with local regulations. In alignment with the aforementioned EFPIA Disclosure Code, Grifols has published a methodological note and country-specific reports detailing transfers of value to healthcare organizations and professionals.
Prior to their disclosure, all transfers of value are subject to the processes and procedures defined by Grifols’ Global Compliance Program, including approval by the competent committees.
In 20171, Grifols distributed EUR 11,715,663 in transfers of value in Europe in accordance with the EFPIA Disclosure Code and USD 13,586,205 in the United States under the Open Payments Program. With regard to countries in MedTech’s geographical area of influence, Grifols made no reportable transfers of value in 2017, as defined by MedTech and its “Training Aid” requirements. In addition to the United States and Europe, Grifols plans to implement similar transparency programs in other countries, such as Australia and Japan.
The company works with essential data required for its scientific research, contact details of its global workforce, and personal information of donors and patients, among others.
For Grifols, protecting the privacy and confidentiality of personal data is extremely important, as well as preventing violation and interruptions of its IT systems. This staunch commitment to safeguarding the privacy of personal data is contained within Grifols’ Code of Conduct, which applies to all of its companies and employees.
Grifols complies with all data protection laws and works exclusively with suppliers that guarantee adequate data integrity safeguards.
The company keeps personal details and medical information collected in plasmadonation centers and during clinical trials in the strictest confidentiality. The company also employs rigorous procedures, tools, frontline technology and insurance policies to protect the organization’s assets and its users in a cyber-context.
In 2017, Grifols created a multidisciplinary committee to further bolster the company’s data protection systems and ensure compliance with the new EU General Data Protection Regulation (GDPR).
In its quest to go beyond legal compliance, Grifols’ recently established Data Protection Office is working on standardizing the processing of personal data globally to ensure to employees, donors, patients and all stakeholders, that their personal data is properly processed by Grifols.