GlaxoSmithKline plc
(the 'Company')
Publication of 2018 Annual Report
The Company will today publish on its website www.annualreport.gsk.com the Annual Report for the year ended 31 December 2018 (the '2018 Annual Report').
A hard copy version of the following documents will be sent to those shareholders who have elected to receive paper communications on or about 2 April 2019:
- 2018 Annual Report
- 2018 Annual Summary (the '2018 Summary')
- 2019 Notice of Annual General Meeting
Shareholders who have not elected to receive paper communications will be sent the 2018 Summary notifying them of the availability of these documents on the Company's website.
In compliance with Listing Rule 9.6.1R of the UK Financial Conduct Authority ('FCA'), the aforementioned documents will be submitted to the UK Listing Authority and will be available for public inspection at the National Storage Mechanism (NSM) www.morningstar.co.uk/uk/NSM.
The information included in the unaudited preliminary results announcement released on 6 February 2019, together with the information in the Appendices to this announcement which is extracted from the 2018 Annual Report, constitute the materials required by the FCA's Disclosure Guidance and Transparency Rule 6.3.5R. This announcement is not a substitute for reading the 2018 Annual Report in full. Page and note references in the Appendices below refer to page and note references in the 2018 Annual Report.
V A Whyte
Company Secretary
12 March 2019
Cautionary statement regarding forward-looking statements
GSK cautions investors that any forward-looking statements or projections made by GSK, including those made in this announcement, are subject to risks and uncertainties that may cause actual results to differ materially from those projected. Such factors include, but are not limited to, those set out in Appendix A of this announcement.
Brand names
Brand names appearing in italics throughout this announcement are trademarks either owned by and/or licensed to GlaxoSmithKline or associated companies.
APPENDIX A
Principal risks and uncertainties
The principal risks discussed below are the risks and uncertainties relevant to our business, financial condition and results of operations that may affect our performance and ability to achieve our objectives. The risks below are those that we believe could cause our actual results to differ materially from expected and historical results. During 2018 we have evolved the cycle of management of these risks which helps us identify, manage and report on our most important risks in a proportionate and consistent way.
We must adapt to and comply with a broad range of laws and regulations which apply to research and development, manufacturing, testing, approval, distribution, sales and marketing of Pharmaceutical, Vaccine and Consumer Healthcare products. These affect not only the cost of product development but also the time required to reach the market and the likelihood of doing so successfully on a continuous basis.
Also, during 2018 we have improved consistency of risk management across the organisation through evolution of our enterprise risk management and reporting cycle.
As rules and regulations change, and governmental interpretation evolves, the nature of a particular risk may change. Changes to certain regulatory regimes may be substantial. Any change in, and any failure to comply with, applicable law and regulations could materially and adversely affect our financial results.
Similarly, our global business exposes us to litigation and government investigations, including but not limited to product liability litigation, patent and antitrust litigation and sales and marketing litigation. Litigation and government investigations, including related provisions we may make for unfavourable outcomes and increases in related costs such as insurance premiums, could materially and adversely affect our financial results.
More detail on the status and various uncertainties involved in our significant unresolved disputes and potential litigation is set out in Note 45, 'Legal proceedings,' on pages 215 to 218.
UK regulations require a discussion of the mitigating activities a company takes to address principal risks and uncertainties. A summary of the activities that the Group takes to manage each of our principal risks accompanies the description of each principal risk below. The principal risks and uncertainties are not listed in order of significance.
Patient safety
Risk definition
Failure to appropriately collect, review, follow up, or report human safety information (HSI), including adverse events from all potential sources, and to act on any relevant findings in a timely manner.
Risk impact
The risk impact has the potential to compromise our ability to conduct robust safety signal detection and interpretation and to ensure that appropriate decisions are taken with respect to the risk/benefit profile of our products, including the completeness and accuracy of product labels and the pursuit of additional studies/analyses, as appropriate. This could lead to potential harm to patients, reputational damage, product liability claims or other litigation, governmental investigation, regulatory action such as fines, penalties or loss of product authorisation.
Context
Pre-clinical and clinical trials are conducted during the development of investigational Pharmaceutical, Vaccine and Consumer Healthcare products to determine the safety and efficacy of the products for use by humans. Notwithstanding the efforts we make to determine the safety of our products through appropriate pre-clinical and clinical trials, unanticipated side effects may become evident only when products are widely introduced into the marketplace. Questions about the safety of our products may be raised not only by our ongoing safety surveillance and post-marketing studies but also by governmental agencies and third parties that may analyse publicly available clinical trial results. Constant vigilance and flexibility are required in order to respond to a varied regulatory environment which continues to evolve and diverge globally.
The Group is currently a defendant in a number of product liability lawsuits, including class actions, that involve significant claims for damages related to our products. Litigation, particularly in the US, is inherently unpredictable. Class actions that seek to sweep together all persons who take our products increase the potential liability. Claims for pain and suffering and punitive damages are frequently asserted in product liability actions and, if allowed, can represent potentially open-ended exposure and thus, could materially and adversely affect the Group's financial results.
Mitigating activities
The Chief Medical Officer (CMO), who is also the Medical Officer for Pharmaceuticals, is responsible
for medical governance under a global policy. Under that policy, safeguarding human subjects in our
clinical trials and patients who take our products is of paramount importance, and the CMO has the
authoritative role for evaluating and addressing matters of human safety.
Individual Medical Officers within the Pharmaceutical, Vaccines and Consumer Healthcare businesses
and our substantial Safety and Pharmacovigilance organisation keep track of any adverse issues
reported for our products during the course of clinical studies. Once a Group product is approved for
marketing, we have an extensive post-marketing surveillance and signal detection system. Information
on possible side effects of products is received from several sources including unsolicited reports from
healthcare professionals (HCPs) and patients, regulatory authorities, medical and scientific literature,
traditional media and social media. It is our policy that employees are required to report immediately
any issues relating to the safety or quality of our products. Each of our country managers is responsible
for monitoring, exception tracking and training that helps assure the collection of safety information and
reporting the information to the relevant central safety department, in accordance with policy and legal
requirements.
Information that changes the risk/benefit profile of one of our products will result in certain actions to
characterise, communicate and minimise the risk. Proposed actions are discussed with regulatory
authorities and can include modifying the prescribing information, communications to physicians and
other healthcare providers, restrictions on product prescribing/availability to help assure safe use, and
sometimes carrying out further clinical trials. In certain cases, it may be appropriate to stop clinical trials
or to withdraw the medicine from the market.
Our Global Safety Board (GSB), comprising senior physicians and representatives of supporting
functions, is an integral component of the system. The GSB (including subsidiary boards dedicated to
Consumer Healthcare products and Vaccines) reviews the safety of our investigational and marketed
products and has the authority to stop a clinical trial if continued conduct of such trial is not ethically or
scientifically justified in light of information that has emerged since the start of the trial.
In addition to the medical governance framework as described above, we use several mechanisms to
foster the early evaluation, mitigation and resolution of disputes as they arise, and of potential claims
even before they occur. The goal of the programmes is to create a culture of early identification and
evaluation of risks and claims (actual or potential) that remains strong through organisational and
regulatory change, in order to minimise liability and litigation.
Product quality
Risk definition
Failure to comply with current Good Manufacturing Practices (cGMP) or inadequate controls and
governance of quality in the supply chain covering supplier standards, manufacturing and distribution
of products.
Risk impact
A failure to ensure product quality could have far reaching implications in terms of patient and consumer
safety resulting in product launch delays, supply interruptions and product recalls. This would have the
potential to do damage to our reputation, as well as result in other regulatory, legal and financial
consequences.
Context
Patients, consumers and HCPs trust the quality of our products. Product quality may be influenced by
many factors including product and process understanding, consistency of manufacturing components,
compliance with GMP, accuracy of labelling, reliability of the external supply chain, and the embodiment
of an overarching quality culture. The internal and external environment continues to evolve as new
products and new legislation are introduced. Critically, we are addressing the impact of Brexit on our
supply chain management and quality oversight between the UK and the EU and are developing and
deploying appropriate contingency plans to avoid interruption of supply to patients.
Mitigating activities
An extensive global network of quality and compliance professionals is aligned with each business unit
to provide oversight and assist with the delivery of quality performance and operational compliance,
from site level to senior management level. Management oversight of those activities is accomplished
through a hierarchy of Quality Councils and through an independent Chief Product Quality Officer and
Global Product Quality Office.
We have developed and implemented a single Quality Management System that defines the quality
standards and systems for our businesses associated with Pharmaceuticals, Vaccines and Consumer
Healthcare products and clinical trial materials. This system has a broad scope and is applicable
throughout the product lifecycle from R&D to mature commercial supply.
There is no single external quality standard or system that governs the detailed global regulatory
expectations for the quality of medicinal products. Requirements are often complex and fragmented
across national and regional boundaries. We have therefore adopted the internationally recognised
principles from the 'ICH Q10: Pharmaceutical Quality Systems' framework as the basis for the GSK
Quality Management System.
This is an industry standard which incorporates quality concepts throughout the product lifecycle. The
GSK Quality Management System is augmented by a consolidation of the numerous regulatory
requirements defined by markets across the world, which assures that it meets external expectations
for product quality in the markets supplied. The Quality Management System is routinely updated to
ensure that it keeps pace with the evolving external regulatory environment and with new scientific
understanding of our products and processes. As part of our drive to continually improve the operational
deployment of our Quality Management System, we are making our policies and procedures simpler to
understand and implement, as well as adopting innovative tools to give a more user-friendly experience.
We provide the Corporate Executive Team & Risk Oversight and Compliance Council with an integrated
assessment of Regulated Quality (GxP) performance. The defined key performance indicators cover
manufacturing practice, clinical practice, pharmacovigilance practice, regulatory practice, drug safety
assessment, and animal welfare.
We have implemented a risk-based approach to assessing and managing third party suppliers that
provide materials which are used in finished products. Contract manufacturers making our products are
expected to comply with GSK standards and are regularly audited to provide assurance that standards
are met.
All staff members are regularly trained to ensure that cGMP standards and behaviours based on our
values and expectations are followed. Additionally, advocacy and communication programmes are
routinely deployed to ensure consistent messages are conveyed across the organisation, whether they
originate from changes in regulation, learnings from inspections, or regulatory submissions. There is a
continued emphasis on the value of quality performance metrics to facilitate improvement and foster a
culture of 'right first time'.
Financial controls and reporting
Risk definition
Failure to comply with current tax laws or incurring significant losses due to treasury activities; failure to report accurate financial information in compliance with accounting standards and applicable legislation.
Risk impact
Non-compliance with existing or new financial reporting and disclosure requirements, or changes to the recognition of income and expenses, could expose us to litigation and regulatory action and could materially and adversely affect our financial results. Changes in tax laws or in their application with respect to matters such as transfer pricing, foreign dividends, controlled companies, R&D tax credits, taxation of intellectual property or a restriction in tax relief allowed on the interest on debt funding, could impact our effective tax rate. Significant losses may arise from inconsistent application of treasury policies, transactional or settlement errors, or counterparty defaults.
Any changes in the substance or application of the governing tax laws, failure to comply with such tax laws or significant losses due to treasury activities could materially and adversely affect our financial results.
Context
The Group is required by the laws of various jurisdictions to disclose publicly its financial results and
events that could materially affect the financial results of the Group. Regulators routinely review the
financial statements of listed companies for compliance with new, revised or existing accounting and
regulatory requirements. The Group believes that it complies with the appropriate regulatory
requirements concerning our financial statements and disclosure of material information including any
transactions relating to business restructuring such as acquisitions and divestitures. However, should
we be subject to an investigation into potential non-compliance with accounting and disclosure
requirements, this may lead to restatements of previously reported results and significant penalties.
Our Treasury group deals in high value transactions, mostly foreign exchange and cash management
transactions, on a daily basis. These transactions involve market volatility and counterparty risk.
The Group's effective tax rate reflects rates of tax in the jurisdictions in which the Group operates that
are both higher and lower than the UK rate and takes into account regimes that encourage innovation
and investment in science by providing tax incentives which, if changed, could affect the Group's tax
rate. In addition, the worldwide nature of our operations means that our intellectual property, R&D and
manufacturing operations are centered in a number of key locations. A consequence of this is that our
cross-border supply routes, necessary to ensure supplies of medicines into numerous end markets,
can be complex and result in conflicting claims from tax authorities as to the profits to be taxed in
individual countries. Tax legislation itself is also complex and differs across the countries in which we
operate. As such, tax risk can also arise due to differences in the interpretation of such legislation. The
tax charge included in our financial statements is our best estimate of tax liability pending audits by tax
authorities.
We expect there to be continued focus on tax reform in 2019 and future years driven by initiatives of
the Organisation for Economic Cooperation & Development to address the taxation of the digital
economy and European Commission initiatives including the use of fiscal state aid investigations.
Together with domestic initiatives around the world, these may result in significant changes to
established tax principles and an increase in tax authority disputes. These, regardless of their merit or
outcomes, can be costly, divert management attention and may adversely impact our reputation and
relationship with key stakeholders.
Mitigating activities
Financial results are reviewed and approved by regional management and then reviewed with the
Financial Controller and the Chief Financial Officer (CFO). This allows our Financial Controller and our
CFO to assess the evolution of the business over time, and to evaluate performance to plan. Significant
judgments are reviewed and confirmed by senior management. Business re-organisations and newly
acquired activities are integrated into risk assessments and appropriate controls and reviews are
applied.
Counterparty exposure is subject to defined limits approved by the Board for both credit rating and
individual counterparties. Oversight of Treasury's role in managing counterparty risk in line with agreed
policy is performed by a Corporate Compliance Officer, who operates independently of Treasury.
Further details on mitigation of Treasury risks can be found on pages 198 to 200, Note 42, 'Financial
instruments and related disclosures'.
We maintain a control environment designed to identify material errors in financial reporting and
disclosure. The design and operating effectiveness of key financial reporting controls are regularly
tested by management and via Independent Business Monitoring. This provides us with the assurance
that controls over key financial reporting and disclosure processes have operated effectively. A
minimum standard control set has been implemented, whereby all Finance activities are required to
apply and ensure they are monitored. Our Global Finance Risk Management and Controls Centre of
Excellence provides extra support to large Group organisations undergoing transformation such as
system deployment or significant business and finance transformations. We have also added
operational resources to ensure processes and controls are maintained during business transformation,
the upgrade of our financial systems and processes. Additional risk mitigation has been introduced by
amending the programme timelines of system upgrades to optimise delivery.
The Disclosure Committee, reporting to the Board, reviews the Group's quarterly results and Annual
Report and determines throughout the year, in consultation with its legal advisors, whether it is
necessary to disclose publicly information about the Group through Stock Exchange announcements.
The Treasury Management Group meets on a regular basis to seek to ensure that liquidity, interest
rate, counterparty, foreign currency transaction and foreign currency translation risks are all managed
in line with the conservative approach as detailed in the associated risk strategies and policies which
have been adopted by the Board.
Tax risk is managed through robust internal policies, processes, training and compliance programmes
to ensure we have alignment across our business and meet our tax obligations. We seek to maintain
open, positive relationships with governments and tax authorities worldwide and we welcome
constructive debate on taxation policy. We monitor government debate on tax policy in our key
jurisdictions to deal proactively with any potential future changes in tax law. We engage advisors and
legal counsel to confirm the implications for our business of tax legislation such as the recently enacted
US Tax Cuts and Jobs Act. Where appropriate, we are active in providing relevant business input to tax
policy makers. Significant decisions are submitted for consideration to the Tax Governance Board which
meets quarterly and comprises senior personnel from across GSK's Finance division.
Our tax affairs are managed on a global basis through a co-ordinated team of tax professionals led by
the Global Head of Tax who works closely with the business. Our tax professionals are suitably qualified
for the roles they perform, and we support their training needs in order that they continue to be able to
provide up to date technical advice. We submit tax returns according to statutory time limits and engage
with tax authorities to seek to ensure our tax affairs are current, entering arrangements such as
Continuous Audit Programmes and Advance Pricing Agreements where appropriate. These
agreements provide long-term certainty for both tax authorities and for us over the tax treatment of our
business. In exceptional cases where matters cannot be settled by agreement with tax authorities, we
may have to resolve disputes through formal appeals or other proceedings.
We keep up-to-date with the latest developments in financial reporting requirements by working with
our external auditors and legal advisors.
Anti-bribery and corruption (ABAC)
Risk definition
Failure of GSK employees, consultants and third parties to comply with our Anti-bribery & corruption
(ABAC) principles and standards, as well as with all applicable legislation.
Risk impact
Failure to mitigate this risk could expose the Group and associated persons to governmental investigation, regulatory action, and civil and criminal liability and may compromise the Group's ability to supply its products under certain government contracts. In addition to legal and financial penalties, a failure to prevent bribery through complying with ABAC legislation and regulations could have substantial implications for the reputation of the company, the credibility of senior leaders, and an erosion of investor confidence in our governance and risk management.
Context
We are exposed to bribery and corruption risk through our global business operations. In some markets,
the government structure and the rule of law are less developed, and this has a bearing on our bribery
and corruption risk exposure. In addition to the global nature of our business, the healthcare sector by
its very nature maintains relationships with government bodies, is highly competitive and subject to
regulation. This increases the instances where we are exposed to bribery and corruption risk.
The Group has been subject to a number of ABAC inquiries. We reached a resolution with the US
authorities in 2016 regarding their ABAC inquiry, following which we were subject to a self-monitoring
arrangement. The self-monitorship concluded in September 2018. Government investigations regarding
our China and other business operations are ongoing. These investigations are discussed further in
Note 45, 'Legal proceedings'.
Mitigating activities
Programme governance is provided through Enterprise Risk Management overseen by the ABAC
Governance Board which includes representation from key functional areas and the business. We have
a dedicated ABAC team responsible for the implementation and evolution of the programme in response
to developments in the internal and external environment. This is complemented with independent
oversight and assurance undertaken by the Audit & Assurance and Independent Business Monitoring
teams.
We have an enterprise-wide ABAC programme designed to ensure compliance with our ABAC policies
and mitigate the risk of bribery and corruption. It builds on our business standards, values and
expectations to form a comprehensive and practical approach to compliance and is flexible to the
evolving nature of our business.
Our Code of Conduct, values and expectations, and commitment to zero tolerance are integral to how
we mitigate this risk. In light of the complexity and geographic breadth of this risk, we constantly evolve
our oversight of activities and data, reinforce to our workforce clear expectations regarding acceptable
behaviours, and maintain regular communications between the centre and local markets.
Our ABAC programme is built on best in class principles and is subject to ongoing review and
development. It provides us with the basis from which we seek to manage the risk from top down and
bottom up. For example, the programme comprises top-level commitment from the Board of Directors
and leadership, a global risk assessment and key risk indicators to enable targeted intervention and
risk management activities. The programme is underpinned by a global ABAC policy and written
standards that address commercial and other practices that give rise to ABAC risk and ongoing
communications. We provide mandatory periodic ABAC training to our staff and relevant third parties
in accordance with their roles, responsibilities and the risks they face. In addition, the programme
mandates enhanced controls over interactions with government officials and during business
development transactions.
We continually benchmark our ABAC programme against other large multinational companies and use
external expertise and internal insights to drive improvements in the programme.
Commercial practices
Risk definition
Failure to engage in commercial activities that are consistent with the letter and spirit of the law, industry,
or the Group's requirements relating to marketing and communications about our medicines and
associated therapeutic areas; appropriate interactions with healthcare professionals (HCPs) and
patients; and legitimate and transparent transfer of value.
Risk impact
Failure to manage risks related to commercial practices could materially and adversely affect our ability
to grow a diversified global business and deliver more products of value for patients and consumers.
Failure to comply with applicable laws, rules and regulations may result in governmental investigation,
regulatory action and legal proceedings brought against the Group by governmental and private
plaintiffs which could result in government sanctions, and criminal and/or financial penalties. Failure to
provide accurate and complete information related to our products may result in incomplete awareness
of the risk/benefit profile of our products and possibly suboptimal treatment of patients and consumers.
Any practices that are found to be misaligned with our values could also result in reputational harm and
dilute trust established with external stakeholders.
Context
We operate on a global basis in an industry that is both highly competitive and highly regulated. Our
competitors may make significant product innovations and technical advances and may intensify price
competition. In light of this competitive environment, continued development of commercially viable new
products and the development of additional uses for existing products that reflect insights which help
ensure those products address the needs of patients/consumers, HCPs, and payers are critical to
achieve our strategic objectives.
Like other pharmaceutical, vaccine and consumer companies, we face downward price pressure in major
markets, declining emerging market growth, and negative foreign exchange impact.
Developing new Pharmaceutical, Vaccine and Consumer Healthcare products is a costly, lengthy and
uncertain process. A product candidate may fail at any stage, including after significant economic
and human resources have been invested. Our competitors' products or pricing strategies, or any failure
on our part to develop commercially successful products, or to develop additional uses for existing
products, could materially and adversely affect our ability to achieve our strategic objectives.
We are committed to the ethical and responsible commercialisation of our products to support our
mission to improve the quality of human life by enabling people to do more, feel better, and live longer.
To accomplish this mission, we engage the healthcare community in various ways to provide important
information about our medicines. Promotion of approved products seeks to ensure that HCPs globally
have access to information they need, that patients and consumers have access to the information and
products they need and that products are prescribed, recommended or used in a manner that provides
the maximum healthcare benefit to patients and consumers. We are committed to communicating
information related to our approved products in a responsible, legal and ethical manner.
Mitigating activities
Our strategic objectives are designed to ensure we achieve our mission of helping people do more, feel
better and live longer. We continue to strive for new product launches that are competitive and
resourced effectively. We also strive to have a healthy proportion of the Group's sales ratio attributable
to new product or innovation sales.
This innovation helps us defray the effect, for example, of downward price pressure in major markets,
declining emerging market growth and negative foreign exchange impact. Establishing new products
that are priced to balance expectations of patients and consumers, HCPs, payers, shareholders, and
the community enables us to maintain a strong global business and remain relevant to the needs of
patients and consumers. Our values and behaviours provide a guide for how we lead and make
decisions. We constantly strive to do the right thing and deliver quality products and ensure supply is
sustained to meet customer needs and demand requirements, seeking to ensure our actions reflect our
values, behaviours and the mission of our company.
We have taken action to enhance and improve standards and procedures for customer and consumer
engagement utilising the application of data analytics and e-commerce channels. We have policies and
standards governing commercial activities undertaken by us or on our behalf. Training has been
implemented to support the evolution of our activities to all relevant employees. All of these activities
we conduct worldwide must conform to high ethical, regulatory, and industry standards. Where local
standards differ from global standards, the more stringent of the two applies. We have harmonised
policies and procedures to guide above-country commercial practice processes as well as clarified
applicable standards for operations in the various markets in which we operate. Each business has
adopted the Internal Control Framework to support the assessment and management of its risks.
Commercial practices activities have appropriate monitoring programmes and oversight from both
business unit Risk Management and Compliance Boards and Country Executive Boards that manage
risks across in-country business activities. Where in the past we have fallen below our own or any other
regulatory or industry standards, we have sought to improve both the framework and culture for our
compliance processes.
All promotional materials and activities must be reviewed and approved according to our policies and
standards, and conducted in accordance with local laws and regulations, to seek to ensure that these
materials and activities fairly represent the products or services of the Group. When necessary, we
have disciplined (up to and including termination) employees who have engaged in misconduct and
have broadened our ability to claw back remuneration from senior management in the event of
misconduct.
We have eliminated rewards based on individual sales or market share of prescription products for
sales professionals and their managers who interact with HCPs in favour of rewards based on the
quality of the individuals' interactions with HCPs.
In October 2018, we announced changes that allow fair market value payments to be made by GSK to
expert practitioners to speak about our innovative medicines and vaccines in a limited number of
countries during a restricted time period in a product's lifecycle. New controls and training have been
implemented to support these changes while ensuring appropriate oversight and assurance across the
markets. Under the new policy, we will expand our reporting of payments to individual HCPs as part of
our commitment to transparency and responsible disclosure.
Privacy
Risk definition
The failure to collect, secure, use and destroy personal information (PI) in accordance with applicable
data privacy laws.
Risk impact
Non-compliance can lead to harm to individuals (e.g. financial loss, distress, prejudice) and GSK (e.g.
fines, management time, operational inefficiency, out of pocket costs, and reputational damage). It can
also damage trust between GSK and individuals, communities, business partners and government
authorities.
The General Data Protection Regulation (GDPR) increased the enforcement powers of EU supervisory
authorities, including by allowing them to impose fines of up to 4% of global revenue, and to require the
suspension of processing PI in certain circumstances. GDPR also gives individuals the right to bring
collective legal actions against GSK for failure to comply with data privacy laws.
Context
Data Privacy laws are diverse, with limited harmonisation, despite Europe's adoption of GDPR. In many
countries in which GSK operates, local data privacy laws govern how GSK can collect and use PI. It is
challenging for multi-nationals to standardise their approach to compliance with data privacy laws due
to the high level of local variation. Governments are enforcing compliance with data privacy laws more
rigorously. There is an increasing focus on the ethical use of PI, over and above compliance with data
privacy laws, and individuals are increasingly aware of their rights under data privacy laws.
Mitigating activities
The Chief Compliance Officer is also the chairperson of the Privacy Governance Board (PGB), which
oversees GSK's overall data privacy programme. Each business and function has appointed a Risk
Owner who is accountable for the oversight of privacy risks associated with that business or functional
area. They are supported by Privacy Leaders within their business or function. Additionally, in some
countries data privacy laws require a Data Protection Officer (DPO) to be appointed. GSK has appointed
a single DPO for the European Union, who is represented and supported in specific countries by
Country Privacy Advisors. The Chief Compliance Officer is the Enterprise Risk Owner (ERO). The ERO
has appointed a delegate risk owner, the Global Privacy Officer (GPO) who has accountability on a
day-to-day basis for designing and implementing the control framework. The GPO co-leads the
cross-functional Privacy Centre of Excellence (CoE), together with the Global Privacy Counsel. They are
supported by Privacy Officers and Privacy Counsel for each Region and multiple Country Privacy
Advisors (who are familiar with local privacy regulations).
GSK has emphasised the importance of data privacy from an internal risk management perspective by
separating Privacy as a new, standalone Enterprise Risk from the Information Security Enterprise Risk.
It has created a Privacy Centre of Excellence in Global Ethics and Compliance, which has overseen: (i)
the implementation of a control framework; (ii) remediation of certain existing business activities to
ensure compliance with GDPR (including adopting privacy controls e.g. privacy contract terms, written
records of processing activities, data protection impact assessments) and (iii) a comprehensive training
programme to drive greater awareness and accountability for managing PI across the entire
organisation. Key roles of the privacy network at GSK will be certified with an accredited international
privacy association.
Through monitoring, we continuously improve our processes, such as issue identification, reporting and
handling capabilities. We are developing a process to detect and assess new privacy regulations to
proactively prepare and mitigate regulatory risk to GSK.
Research practices
Risk definition
Failure to adequately conduct ethical and sound preclinical and clinical research. In addition, failure to
engage in scientific activities that are consistent with the letter and spirit of the law, industry, or the
Group's requirements, and failure to secure adequate patent protection for GSK's products.
Risk impact
The impacts of the risk include harm to human subjects, reputational damage, failure to obtain the
necessary regulatory approvals for our products, governmental investigation, legal proceedings brought
against the Group by governmental and private plaintiffs (product liability suits and claims for damages),
loss of revenue due to inadequate patent protection or inability to supply GSK products, and regulatory
action such as fines, penalties, or loss of product authorisation. Any of these consequences could
materially and adversely affect our financial results and cause loss of trust from our customers and
patients.
Context
Research relating to animals can raise ethical concerns. While we attempt to address this proactively,
animal studies remain a vital part of our research. In many cases, they are the only method that can be
used to investigate the effects of a potential new medicine in a living body before it is studied in humans.
Animal research can provide critical information about the causes of diseases and how they develop.
Nonetheless, we are continually seeking ways in which we can minimise our use of animals in research,
whilst complying with regulatory requirements.
Clinical trials in healthy volunteers and patients are used to assess and demonstrate an investigational
product's efficacy and safety or further evaluate the product once it has been approved for marketing.
We also work with human biological samples. These samples are fundamental to the discovery,
development and safety monitoring of our products.
The integrity of our data is essential to success in all stages of the research data lifecycle: design,
generation, recording and management, analysis, reporting, storage and retrieval. Our research data is
governed by legislation and regulatory requirements. Research data and supporting documents are
core components at various stages of pipeline progression decision-making and form the content of
regulatory submissions, publications and patent filings. Poor data integrity can compromise our
research efforts and negatively impact company reputation.
There are innate complexities and interdependencies required for regulatory filings, particularly given
our global research and development footprint. Continually changing and increasingly stringent
submission requirements continue to increase the complexity of worldwide product registration.
Scientific engagement (SE), defined as the interaction and exchange of information between GSK and
external communities to advance scientific and medical understanding, including the appropriate
development and use of our products, is an essential part of scientific discourse. Such non-promotional
engagement with external stakeholder groups is vital to GSK's mission and necessary for scientific and
medical advance. SE activities are essential but present legal, regulatory, and reputational risk if the
sharing of data, invited media coverage or payments to HCPs have, or are perceived to have,
promotional intent.
A wide variety of biological materials are used by GSK in discovery, research and development phases.
Through the Convention on Biological Diversity (CBD) and the Nagoya Protocol, the international
community has established a global framework regulating access to, and use of, genetic resources of
non-human origin in Research and Development (R&D). We support the principles of access and
benefit sharing to genetic resources as outlined in the CBD and the Nagoya Protocol, recognising the
importance of appropriate, effective and proportionate implementation measures at national and
regional levels.
Patent rights play an important role in providing GSK with a competitive advantage in the market. Any
loss of patent protection in a market for GSK's products developed through our R&D, including reducing
the availability or scope of patent rights, could materially and adversely affect our financial results in
that market. Absence of adequate patent or data exclusivity protection, which could lead to, for example,
competition from manufacturers of generic pharmaceutical products, could limit the opportunity to rely
on such markets for future sales growth for our products, which could also materially and adversely
impact our financial results. Following expiration of certain intellectual property rights, a generic
manufacturer may lawfully produce a generic version of a product. Introduction of generic products
typically leads to a rapid and dramatic loss of sales and reduces our revenues and margins for our
proprietary products.
Mitigating activities
We have an established Office of Animal Welfare, Ethics and Strategy (OAWES), led by the Chief of
Animal Welfare, Ethics and Strategy, that ensures the humane and responsible care of animals and
increases the knowledge and application of non-animal alternatives. The OAWES provides a framework
of animal welfare governance, promotes application of 3Rs (replacement, refinement and reduction of
animals in research), conducts quality assessments and develops and deploys strategies on animal
model reproducibility and translatability.
The Chief Medical Officer oversees the following enterprise Medical Governance Boards:
- The Human Subject Research Board is in place to provide oversight for the human subject research sponsored and supported by us to ensure it conforms to ethical, medical and scientific standards
- The Data Disclosure Board provides oversight for disclosure of our sponsored and supported human subject research. We make information available on our clinical studies, including summaries of the results - whether positive or negative. We were the first company to publish clinical study reports that form the basis of submissions to regulatory agencies and we have publicly posted more than 2,400 clinical study reports in addition to more than 6,400 study result summaries
- Specific accountability and authorisation for SE is overseen by the Scientific Engagement and Promotional Practices Board. This Board is responsible for oversight of applicable policies and seeking to ensure the highest level of integrity and continuous development of SE
We have a Global Human Biological Samples Management (HBSM) governance framework in place to
oversee the ethical and lawful acquisition and management of human biological samples. Our HBSM
Enterprise Risk Management Team champions HBSM activities and provides an experienced group to
support internal sample custodians regarding best practice.
It remains an important priority to enhance our data integrity controls. Data Integrity Committees are in
place to provide oversight and Data Integrity Quality Assurance teams conduct assessments to provide
independent business monitoring of our internal controls for R&D activities.
The Regulatory Governance Board serves as the global regulatory risk management and compliance
board, promoting compliance with regulatory requirements and procedures, and oversees Group-wide
written standards for cross business regulatory processes.
We established an Access and Benefit Sharing Centre of Excellence to oversee applicable
requirements and enforcement measures for the acquisition and use of genetic material of non-human
origin in scope of the Nagoya Protocol.
R&D maintains and controls pre-publication procedures to guard against public disclosure in advance
of filing patent applications. In addition, because loss of patent protection can occur due to lack of data
integrity in preparing patent application data and information, legal experts collaborate with R&D to
support the review process for new patent applications.
The Research Practices risk is overseen by an Enterprise framework that seeks to ensure strengthened
governance across the R&D businesses in Pharmaceuticals, Vaccines and Consumer Healthcare.
Under the leadership of the Research Practices Enterprise Risk Owner, management of the risk takes
a pragmatic approach to information sharing, streamlining risk identification and escalation, while
ensuring ownership stays with the business.
Third party oversight (TPO)
Risk definition
Failure to maintain adequate governance and oversight over third party relationships and failure of third
parties to meet their contractual, regulatory, confidentiality or other obligations.
Risk impact
Failure to adequately manage third party relationships could result in business disruption and exposure
to risks ranging from sub-optimal contractual terms and conditions, to severe business and legal
sanctions and/or significant reputational damage. Any of these consequences could materially and
adversely affect our business operations and financial results.
Context
Third parties are critical to our business delivery and are an integral part of the solution to meeting our
business objectives. We rely on third parties, including suppliers, advisors, distributors, individual
contractors, licensees, and other pharmaceutical and biotechnology collaboration partners for
discovery, manufacture, and marketing of our products and for supporting other important business
processes.
These business relationships present a material risk. For example, we share critical and sensitive
information such as marketing plans, clinical data, and employee data with specific third parties who
are conducting the relevant outsourced business activities. Inadequate protection or misuse of this
information by third parties could have significant business impact. Similarly, we use distributors and
agents in a range of activities such as promotion and tendering which have inherent risks such as
inappropriate promotion or corruption. Insufficient internal compliance and controls by the distributors
could affect our reputation. These risks are further increased by the complexities of working with large
numbers of third parties across a diverse geographical spread.
Mitigating activities
To guide and enforce our global principles for interactions with third parties we have a global policy
framework applicable to buying goods and services, managing our external spend, paying and working
with our third parties. This policy framework applies to all employees and complementary workers
worldwide. The enterprise-wide TPO programme takes an enterprise-wide view of third party related
risks to ensure compliance with our ABAC policies and additional risks such as Labour Rights, Health
and Safety and Human Safety Information. It forms a comprehensive and practical approach to third
party oversight that is flexible to the evolving nature of our business and the type of engagement being
managed. The programme is managed through the Global Ethics and Compliance organisation and
has been globally deployed. It has strengthened risk assessment, contractual terms and due diligence
efforts on third parties and improved the overall management of our third party risks through the lifecycle
of the third party engagement.
Programme governance is provided through Enterprise Risk Management overseen by the TPO
Governance Board which includes representation from key functional areas and the business. We have
a dedicated TPO team responsible for the implementation and evolution of the programme in response
to developments in the internal and external environment.
Each business leadership team retains ultimate accountability for managing third party interactions and
risks. When working with third parties, our employees are expected to manage external interactions
and commitments responsibly. This expectation is embedded in our values and Code of Conduct. It is
our responsibility that all activities carried out on our behalf are performed safely and in compliance with
applicable laws and our values, expectations, standards and Code of Conduct (See ABAC report
above).
Our programme is complemented with independent oversight and assurance undertaken by the Audit
& Assurance and Independent Business Monitoring teams. We review the TPO programme against
other large multinational companies and use external expertise and internal insights to drive
improvements in the programme.
Environment, health & safety and sustainability (EHS&S)
Risk definition
Failure to manage environment, health & safety and sustainability (EHS&S) risks in line with our
objectives and policies and with relevant laws and regulations.
Risk impact
Failure to manage EHS&S risks could lead to significant harm to people, the environment and
communities in which we operate, fines, failure to meet stakeholder expectations and regulatory
requirements, litigation or regulatory action, and damage to the Group's reputation, which could
materially and adversely affect our financial results.
Context
We are subject to health, safety and environmental laws of various jurisdictions. These laws impose
duties to protect people, the environment, and the communities in which we operate, as well as potential
obligations to remediate contaminated sites. We have also been identified as a potentially responsible
party under the US Comprehensive Environmental Response Compensation and Liability Act at a
number of sites for remediation costs relating to our use or ownership of such sites in the US. Failure
to manage these environmental risks properly could result in litigation, regulatory action and additional
remedial costs that may materially and adversely affect our financial results. See Note 45 to the financial
statements, 'Legal proceedings', for a discussion of the environmental related proceedings in which we
are involved. We routinely accrue amounts related to our liabilities for such matters.
Mitigating activities
The Corporate Executive Team (CET) is responsible for EHS&S governance under a global policy.
Under that policy, the CET seeks to ensure there is a control framework in place to manage the risks,
impacts and legal compliance issues that relate to EHS&S and for assigning responsibility to senior
managers for providing and maintaining those controls. Individual managers seek to ensure that the
EHS&S control framework is effective and well implemented in their respective business area and that
it is fully compliant with all applicable laws and regulations, adequately resourced, maintained,
communicated, and monitored. Additionally, each employee is personally responsible for ensuring that
all applicable local standard operating procedures are followed by them and expected to take
responsibility for EHS&S matters.
Our risk-based, proactive approach is articulated in our Global EHS&S standard which supports our
EHS&S policy and our objective to discover, develop, manufacture, supply and sell our products without
harming people or the environment. In addition to the design and provision of safe facilities, plant and
equipment, we operate rigorous procedures that help us eliminate hazards where practicable and
protect employees' health and well-being.
Through our continuing efforts to improve environmental sustainability we have reduced our value chain
carbon intensity per pack, water consumption and waste generation. We actively manage our
environmental remediation obligations and seek to ensure practices are environmentally sustainable
and compliant.
Information security
Risk definition
The risk to GSK business activities if information becomes disclosed to those not authorised to see it,
or if information or systems fail to be available or are corrupted, typically because of cybersecurity
threats, although accident or malicious insider-action may be contributory causes.
Risk impact
Failure to adequately protect critical and sensitive systems and information may result in loss of
commercial or strategic advantage and could materially affect our ongoing business operations, such
as scientific research, clinical trials and manufacturing and supply chain activities.
Context
We rely on critical and sensitive systems and data, such as corporate strategic plans, intellectual
property, manufacturing systems and trade secrets. There is the potential that our computer systems
or information may be exposed to misuse or unauthorised disclosure.
We believe that the cyber security incidents that we have experienced to date have not resulted in
significant disruptions to our operations and have not had a significant adverse effect on our results of
operations, or on third parties. However, as the threats evolve we cannot provide assurance that our
significant efforts in protecting and monitoring our systems and information will always be successful in
preventing compromise or disruption in future. They increasingly involve highly-resourced threat actors
such as nation-states and organised criminals. Combined with the size and complexity of our IT systems
and those of our supply chain partners (including outsourced operations), this means that our systems
and information have been, and are expected to continue to be, the subject of cyber-attacks of various
types.
Mitigating activities
We have a global information protection policy and accompanying information technology standards
and processes that are supported through a dedicated team and programme of activity. Our Information
Protection function provides strategy, direction, and oversight, including active monitoring of cyber
security, while enhancing our global information security capabilities, through an ongoing programme
of investment that is in its sixth year.
We assess changes in our information protection risk environment through briefings by government
agencies, subscription to commercial threat intelligence services and knowledge sharing with other
pharmaceutical businesses and cross-industry bodies. Such changes are regularly reviewed by our
Executive team and our Board and suitable adjustments agreed.
We aim to apply industry best practices as part of our information security policies, processes and
technologies and invest in strategies that are commensurate with the changing nature of the security
threat landscape. This will include suitable levels of cyber-risk insurance cover in future.
Supply continuity
Risk definition
Failure to deliver a continuous supply of compliant finished product; inability to respond effectively to a
crisis incident in a timely manner to recover and sustain critical operations, including key supply chains.
Risk impact
We recognise that failure to supply our products can adversely impact consumers and patients who rely
on them. A material interruption of supply or exclusion from healthcare programmes could expose us
to litigation or regulatory action and financial penalties that could adversely affect the Group's financial
results. The Group's international operations, and those of its partners, expose our workforce, facilities,
operations and information technology to potential disruption from natural events (e.g. storm,
earthquake), man-made events (e.g. civil unrest, terrorism), and global emergencies (e.g. Ebola
outbreak, flu pandemic). It is important that we have robust crisis management and recovery plans in
place to manage such events.
Context
Our supply chain operations are subject to review and approval by various regulatory agencies that
effectively provide our license to operate. Failure by our manufacturing and distribution facilities or by
suppliers of key services and materials could lead to litigation or regulatory action such as product
recalls and seizures, interruption of supply, delays in the approval of new products, and suspension of
manufacturing operations pending resolution of manufacturing or logistics issues.
We rely on materials and services provided by third party suppliers to make our products, including
active pharmaceutical ingredients (API), antigens, intermediates, commodities, and components for the
manufacture and packaging of Pharmaceutical, Vaccine and Consumer Healthcare products. Some of
the third party services procured, such as services provided by contract manufacturing and clinical
research organisations to support development of key products, are important to ensure continuous
operation of our business.
Although we undertake risk mitigation we recognise that certain events could nevertheless still result in
delays or service interruptions. We use effective crisis management and business continuity planning
to provide for the health and safety of our people and to minimise impact to us, by maintaining functional
operations following a natural or man-made disaster, or a public health emergency.
Mitigating activities
Our supply chain model is designed to ensure the supply, quality and security of our products globally,
as far as possible. Through the Supply Chain Governance Committees we closely monitor the inventory
status and delivery of our products, with the aim of ensuring that customers have the Pharmaceutical,
Vaccines and Consumer Healthcare products they need. Improved links between commercial
forecasting and manufacturing made possible by our core commercial cycle should, over time, reduce
the risk associated with demand fluctuations and any impact on our ability to supply or the cost of
write-offs where products exceed their expiry date. Each node of the supply chain is periodically reviewed to
ensure adequate safety stock, while balancing working capital in our end-to-end supply chain. Particular
attention is placed on mitigating supply risks associated with medically critical and high-revenue
products.
We routinely monitor the compliance of manufacturing external suppliers to identify and manage risks
in our supply base. Where practical, we minimise our dependence on single sources of supply for critical
items. Where alternative sourcing arrangements are not possible, our inventory strategy aims to protect
the supply chain from unanticipated disruption.
We continue to implement anti-counterfeit systems such as product serialisation in accordance with
emerging supply chain requirements such as the EU Falsified Medicines Regulation around the world.
A corporate policy requires each business and functional area head to ensure effective crisis
management and business continuity plans are in place that include authorised response and recovery
strategies, key areas of responsibility and clear communication routes, before any business disruption
occurs. Corporate Security supports the business by: coordinating crisis management and business
continuity training; facilitating simulation exercises; assessing our preparedness and recovery capability;
and providing assurance oversight of our central repository of plans supporting our critical business processes.
Each business performs risk oversight to assure adequate risk mitigation including identifying new and
emerging threats. We have a coordinated approach to evaluate and manage the implications for our
business arising from Brexit. Our approach to Brexit is set out on page 36.
These activities help ensure an appropriate level of readiness and response capability is maintained.
We also develop and maintain partnerships with external bodies like the Business Continuity Institute
and the UN International Strategy for Disaster Risk Reduction, which helps improve our business
continuity initiatives in disaster-prone areas and supports the development of community resilience to
disasters.
APPENDIX B
Directors' responsibility statement
Each of the current Directors, whose names and functions are listed below in the Corporate Governance section of the Annual Report 2018, confirms that, to the best of his or her knowledge:
- the Group financial statements, which have been prepared in accordance with IFRS as adopted by the EU and IFRS as issued by the IASB, give a true and fair view of the assets, liabilities, financial position and profit of the Group; and
- the Strategic report and risk sections of the Annual Report, which represent the management report, include a fair review of the development and performance of the business and the position of the Group, together with a description of the principal risks and uncertainties that it faces.
Name | Function
Sir Philip Hampton | Independent Non-Executive Chairman
Emma Walmsley | Chief Executive Officer
Dr Hal Barron | Chief Scientific Officer and President, R&D
Simon Dingemans | Chief Financial Officer
Iain Mackay | Chief Financial Officer Designate
Manvinder Singh (Vindi) Banga | Senior Independent Non-Executive Director
Dr Vivienne Cox | Independent Non-Executive Director and Workforce Engagement Director
Lynn Elsenhans | Independent Non-Executive Director
Dr Laurie Glimcher | Independent Non-Executive Director and Scientific & Medical Expert
Dr Jesse Goodman | Independent Non-Executive Director and Scientific & Medical Expert
Judy Lewent | Independent Non-Executive Director
Urs Rohner | Independent Non-Executive Director
APPENDIX C
Related party transactions
At 31 December 2018, GSK owned 32 million shares or 31.7% of Innoviva Inc. which is a biopharmaceutical company listed on NASDAQ. GSK began recognising Innoviva as an associate on 1 September 2015. The royalties due from GSK to Innoviva in the year were £209 million (2017 - £173 million). At 31 December 2018, the balance payable by GSK to Innoviva was £64 million (2017 - £53 million).
At 31 December 2018, GSK held a 50% interest in Japan Vaccine Co. Ltd (JVC) through its subsidiary GlaxoSmithKline K.K. This joint venture with Daiichi Sankyo Co., Ltd is primarily responsible for the development and marketing of certain prophylactic vaccines in Japan. During 2018, GSK sold £43 million (2017 - £41 million) of its vaccine products into the joint venture. At 31 December 2018, the trading balance due to GSK from JVC was £15 million (2017 - £11 million) and the balance payable by GSK to JVC was £nil (2017 - £nil).
Loans of £5 million to Medicxi Ventures I LP and £6 million to Index Ventures Life VI (Jersey) LP remained due to GSK at 31 December 2018. In 2018, GSK increased the equity investment in Kurma Biofund II, FCPR by £3 million, Apollo Therapeutics LLP by £2 million and Longwood Founders Fund LP by £0.2 million, and reduced a liability with Qura Therapeutics LLC by £3 million. As at 31 December 2018, the outstanding liability to Qura was £4 million.
The aggregate compensation of the Directors and CET is given in Note 9, 'Employee costs'.