Third Party Risk Management (TPRM) is the means by which Novartis manages risk when interacting with third parties, such as suppliers of goods and services.
Implemented globally across Novartis in 2019, TPRM allows us to better assess and effectively manage third-party risk exposure. In addition, it fosters collaboration with third parties that share and uphold our values and ethical principles.
TPRM enhances our capability to build and protect value for our stakeholders, including our patients, and advances the broader interests of society as a whole.
How does TPRM work
Risk areas covered by TPRM
Third parties in scope
Business development and licensing deals
Mergers and acquisitions
A further scope expansion is planned in 2021 (including contractor safety, responsible minerals and global security risk), as well as additional third-party types, such as distributors and wholesalers on the sales side.
Third Party Risk Management is a standing agenda topic at the quarterly Trust & Reputation Committee meeting, chaired by the Novartis CEO.
The TPRM Leadership team manages the TPRM organization, monitors business partnering and is responsible for strategic alignment with Risk Function experts and business representatives. The team is headed by the Global Head of Human Rights & TPRM, who reports to the Chief Ethics, Risk and Compliance Officer at Novartis.
The Risk Functions define the risk policy for their specific areas and monitor delivery of the risk policy for third parties through TPRM. They also make decisions on risk assessment outcomes.
The Service Delivery Team, part of Novartis Business Services, performs third-party monitoring and coordinates audits on behalf of Novartis. It facilitates the end-to-end process, carries out third-party monitoring and acts as a process helpdesk.
We capture key TPRM metrics to help ensure robust operations, while continuously improving by leveraging technology and market capabilities.
TPRM has a positive impact in protecting our company and building trust with society, helping us avoid potentially risky third-party engagements, while mitigating many risks with existing third parties.
In the first year of operations, we avoided or stopped collaborating with close to 100 third parties and mitigated risks with existing third parties.
Upholding ethical standards and protecting our reputation
Avoiding unethical suppliers uncovered through anti-bribery risk assessments
Protecting confidential clinical trials data
Ensuring that our patients' data is safe
Requiring our partners to upgrade information security and data privacy management
Impacting local communities positively
Requesting partners to change harmful labor rights practices such as holding employees' documents or money in escrow
Requesting partners to upgrade their practices to stop environmental damage