Anahita Thoms Talks Trade and Sustainability with Klaus Moosmayer from Novartis
Companies face a number of challenges in creating an ethical culture and sustainable risk compliance regime. Anahita Thoms, Head of International Trade, Germany, speaks with Klaus Moosmayer, Member of the Executive Committee and Chief Ethics, Risk & Compliance Officer at Novartis, about global supply chain compliance, ethical decision making, and the importance of human rights and environmental concerns for daily business practices.
You are well known for your innovative approach in relation to ethics, risk and compliance. Has the pandemic accelerated innovation or rather delayed progress in companies?
Compliance professionals are in general well equipped to deal with a crisis. Over time, they have also developed sound communication skills, an agile working style and process design capabilities. And they know that building or maintaining a good reputation is more than complying with the laws. As much this pandemic has affected all of us, it should be a driver to further innovate modern assurance in companies. Modern assurance is integrated assurance. It is not only about anti-bribery compliance but a holistic view on ethical dilemmas and enterprise risks. In a crisis, you better do not operate in governance silos but provide a 360 degree view on the most relevant company risks - including integrity challenges. Because it is easy to loose the trust of society in a crisis situation in case you make decisions when the facts are not fully on the table. If the compliance departments embrace this opportunity, innovation can be accelerated towards a holistic assurance model on ethics, risk and compliance. If not, the risk exists to get marginalized in an economically challenging environment which leads to cost cutting across the classical corporate centers.
What do you consider the biggest challenges for a sustainable risk compliance regime, particularly when the company has operations and suppliers worldwide?
First of all, we need well functioning global supply chains if we want to overcome the crisis as a global society. There is no way to fight against COVID-19 alone. If I look at the pharmaceutical industry only, the research and development efforts are truly global, same for manufacturing and distribution of medicines. Together with the Bill and Melinda Gates Foundations, the CEOs of leading pharmaceutical companies have made publicly a joint commitment to uphold these principles and invited the public sector to commit as well.
When it comes to the compliance regime, we saw unfortunately the attempt of some governments to lower human rights standards by emergency laws in order to speed up the economy. But this cannot be the solution. This would again hit hardest the weakest part of the population. The industry needs to be vocal about this risk and resist. Furthermore, the urgency of the situation bears the risk of decreased due diligence efforts and increased fraud and corruption - also when it comes to state aid programs. It is definitely a call out to the private and public sector to find the right balance, we need to support fast but still in a controlled way.
We are seeing more and more board members who are in charge of the legal function now also being responsible for ethics and integrity in the organization. Being a thought leader in this field, what is your recommendation on the best way to ensure a good ethical culture? In your experience, does the organizational structure or the individual play a more important role?
Ethical decision making is certainly not owned by only one function within a company. It needs a culture which allows the open dialogue about real life dilemmas and our own biases. A culture of psychological safety. However, I believe that an organization which is professionally equipped to focus on ethical questions can be an important “catalyst” in supporting the management and all employees on such a journey.
At Novartis, we have combined this “catalyst function” with enterprise risk management and compliance as we believe that ethical decision making is the basis for to proper risk assessment and needs then an effective but pragmatic compliance management system to enable the employees “doing what is right”. The Legal department is certainly an important partner in this effort - as a peer. We have consequently separated the legal department from the ethics, risk and compliance function, with both function sitting at our executive committee, a set up which is by the way not totally uncommon for regulated industries. When it comes to organizational structure versus individual strength, I would say it goes only together. If a company wants to get to a mature assurance level, it needs to provide adequate organizational structure and resources, but without a resilient and convincing leader, it will not become sustainable.
The German Draft Supply Chain Act (Sorgfaltspflichtengesetz) requires decision-makers to take the results of a risk analysis of their supply chain into account when conducting business. The draft law also recommends to have a human rights officer who directly reports to the board. How can business leaders generally ensure a better integration of relevant human rights and environmental considerations into their daily business practices? And do you expect more board members to develop human rights expertise given the rising scrutiny in this area?
To make this crystal clear, human rights and supply chain compliance is not a “nice to have” but is here to stay, and rightfully so. It is also true, that the complexity of the task is in general totally underestimated by governments and NGOs. To assess risks in the areas of human and labor rights, IT security, product quality, health, safety and environment, export control, data privacy or corruption, to name only some risk areas, is a demanding task and requires first of all accountability of the business for their thirds parties but also high professional and technical skills and resources. And then we are facing the issue of sub-suppliers and sub-sub suppliers etc.
Where does our span of control end, legally and just factually? And what is the role of the governments in all of this when it comes to prevention and (not) taking part in collective actions to level the playing field? From a company point of view, I advocate for an integrated approach on Third Party Risk Management and Human Rights instead of trying to tackle the aforementioned risks in organizational silos. Another argument for an integrated assurance function combining ethics, risk management and compliance which has its seat at the table of top management and gives also transparency to the board about the efforts undertaken by the company.