While the business environment grows in complexity, what is clear at Johnson & Johnson is how we conduct our business every day: with the highest ethical standards in every aspect of our business and in every market where we operate. We see running a responsible business as an essential driver of value creation; and we are committed to operating with integrity.
Our Company has comprehensive policies, procedures and required training that help employees be aware of and comply with applicable laws, regulations and industry codes. The Johnson & Johnson Law, Health Care Compliance & Privacy (HCC&P) and Finance departments are available to help employees navigate the laws and regulations that impact our work.
Our Credo is the foundation that sets forth our core values, ensuring we are focusing on patients and customers, our employees and our communities. Our Johnson & Johnson Code of Business Conduct and our Health Care Compliance (HCC) policies and guidelines lay out the standards and principles that guide our behavior, particularly in our interactions with patients and healthcare professionals around the globe.
The Code sets forth our company’s values and standards, which apply to all employees worldwide. It reflects Our Credo values, outlines the principles that guide our behavior, informs the good choices we make, and provides guidance on where to get help when needed. All Johnson & Johnson employees and certain categories of temporary workers42 are required to complete the Code of Business Conduct training every two years, with annual training conducted under our HCC policies for those individuals whose functions are related to interactions with, or payments to, healthcare professionals or government officials. The Code training is available in 27 languages and our annual HCC training in 23 languages.
Additional details concerning policies and procedures that define what we expect of our people and our business partners throughout the world can be found in our Policies & Statements.
We believe that compliant business practices support a positive environment in the healthcare marketplace by putting the focus on patient care and ethical competition.
Our robust global compliance program is long-standing, as is our commitment to ethics, transparency and well-established protocols around how we market and sell our medicines, medical devices and other products. They are foundational to our commitment to:
- Keeping medical and governmental decision-making free from improper industry influence;
- Promoting fair competition;
- Ensuring lawful promotion of regulated products;
- Disclosing accurate pricing information to government healthcare programs; and
- Ensuring compliance with applicable healthcare compliance, anti-corruption laws and regulations, and relevant industry codes.
Our compliance guidelines and policy requirements meet or exceed legal and regulatory requirements in every jurisdiction where we operate, and are aligned with industry standards and requirements, as well as regional or country industry codes of conduct including Advancing Medical Technology Association (AdvaMed), Asia Pacific Medical Technology Association (APACMED), Pharmaceutical Research and Manufacturers of America (PhRMA) and the European Federation of Pharmaceutical Industry Associations (EFPIA). In addition, Johnson & Johnson actively participates in the work of industry associations, and helps develop industry codes designed to ensure ethical and compliant marketing and selling of our products. For more information about our approach to ethical marketing, see Ethical Sales & Marketing Practices Statement.
Our global compliance program is based on the following fundamental elements:
- Robust compliance governance framework;
- Well-defined and clearly communicated standards of compliance;
- Continuous compliance monitoring through internal assessments and audits;
- Effective and timely response to detected deviations from compliance standards, including developing and following through on corrective action plans, including disciplinary actions when appropriate;
- Ensuring open lines of communication;
- Ongoing training and education; and
- Proactive risk management.
Under the Company’s compliance framework, our Chief Compliance Officer has overall responsibility for the management of our healthcare compliance program. He reports directly to our Executive Vice President, General Counsel, who is a member of the Executive Committee. The Chief Compliance Officer also has a direct reporting line to the Regulatory, Compliance & Government Affairs Committee of the Company’s Board of Directors, providing quarterly reports and reviews of our global compliance and privacy programs. Each substantial operating company has a designated healthcare compliance officer, part of whose job is to help ensure compliance with—and provide guidance and training on—the Company’s policies and practices related to the healthcare industry. In addition, the Company’s Law Department also provides direct guidance and training on the Company’s Policies.
Potential violations or issues arising under our policies or laws and regulations are reported internally within the organization to senior management and, as appropriate, also shared with the Johnson & Johnson Executive Committee, the Board of Directors, relevant Committees of the Board and/or the external auditors. When public disclosure criteria are met, anticompetitive behavior, antitrust claims, product liability claims, and lawsuits that cover customer health and safety, labeling or marketing, as well as corrective actions and resulting fines and penalties, are outlined in our 10-Q and 10-K filings. See Note 21 on page 81 of our 2017 Annual Report.
With the complexity of the healthcare environment continuing to evolve, our global compliance program is focused on strengthening and optimizing core programs and processes; elevating our integrated approach to data, metrics and analytics; and leveraging the power of technology for all components of our global compliance program. Each year we conduct risk assessments of our operations to identify areas where additional attention or modification to our programs may be required to ensure they continue to be robust and effective. Ongoing improvement programs and projects are also implemented to ensure we are maintaining our programs in an efficient and effective fashion, as well as to ensure they remain current with changes in both the business environment and with the demands and expectations of our diverse stakeholders, laws, regulations and industry standards.
Johnson & Johnson takes a strong stance against bribery consistent with the anti-bribery laws that exist in many countries around the world, and complies with all anti-bribery and corruption laws and regulations, including the U.S. Foreign Corrupt Practices Act, the UK Bribery Act, and other applicable local anti-bribery and corruption laws and regulations. Our Code of Business Conduct expressly prohibits bribes, kickbacks, illegal payments and any other offer of items of value that may inappropriately influence or reward a customer to order, purchase or use our products and services, whether provided directly or through a third party, e.g., a distributor, customs broker or other agent.
We have written policies, procedures and internal controls at all levels of the organization designed to ensure compliance with anti-bribery/anti-corruption laws. We test, evaluate and refine these internal controls on an ongoing basis. Continuous monitoring includes full documentation of existing accounting and internal control systems as well as record-keeping of the monitoring and evaluation procedures.
Our policies require that all employees with relevant job functions complete anti-bribery and anti-corruption training. The training covers the core aspects of our Health Care Business Integrity Guide, including charitable contributions, donations, gifts, third-party intermediary (e.g., distributors) and cross-border interactions. Further, we expect our suppliers to embrace high standards of ethical behavior that are consistent with our own. Our requirements for suppliers are outlined in Johnson & Johnson Responsibility Standards for Suppliers.
Our HCC function works with a range of specialist departments throughout the Company, including Legal and Procurement, to ensure ongoing compliance with Johnson & Johnson’s anti-bribery/anti-corruption standards. HCC conducts monitoring and testing of operations at our operating companies for compliance with our healthcare policies on a regular basis. The scope and frequency of such monitoring is determined based on our risk assessments as well as the local operating company requirements and local conditions.
HCC also works closely with our Corporate Internal Audit (CIA) and Law Department to investigate potential incidents of non-compliance relating to anti-bribery/anti-corruption. Generally, our more than 260 operating companies are audited by CIA for compliance with our HCC programs (including anti-bribery/anti-corruption) typically on a three-year cycle for our higher-risk companies, or a five-plus-year cycle for our lower-risk companies, with more frequent testing and monitoring of select areas of our businesses conducted by the HCC organization.
Johnson & Johnson uses both internal and external criteria, including the Transparency International Corruption Perceptions Index, as well as market- and business-specific risk factors, to determine the risk profile of our operating companies and businesses. The scope of audits covers a range of commercial activities associated with bribery and corruption risk, including sales and distribution, engaging healthcare providers and other third parties for services, gifts or items of value, tendering and cross-border interactions. All of these topics also are the subject of training at our operating companies. In addition to the healthcare compliance-related audits, CIA conducts financial audits that serve in a supplemental capacity as both a preventive and detective element of our compliance program.
Information on these audits and reviews is included in regular updates to the Regulatory, Compliance & Government Affairs Committee of the Board of Directors. Where audits or our testing and monitoring activities identify questionable activities, these issues are escalated to an internal Triage Committee, which determines appropriate action to take, including commencement of for-cause investigations.
Our Credo Hotline is an integral component of the strong compliance culture at Johnson & Johnson. It provides a channel for all employees, contractors, customers, third-party agencies and other partners to report potential violations of the Code of Business Conduct, other Company policies or the applicable laws and regulations in the countries of our operations. The Credo Hotline is available 24 hours a day, 7 days a week, in 23 languages. The concerns can be filed both electronically on www.credohotline.com or by calling a toll-free number (international dialing instructions are on the same website).
Additionally, anyone can report allegations through other methods (by phone or e-mail, etc.) within their local business unit or to CIA, HCC, Law, Security or the Human Resources organizations. Our Escalation Procedure Policy also requires all employees to escalate any violations of our policies or applicable laws, and our management teams around the globe are reminded annually of the requirements of this policy. We act swiftly to review any reported violations of our Code of Business Conduct, compliance policies, laws or regulations.
Addressing Non-Compliance and Misconduct
All Credo Hotline reports are routed by our external vendor to CIA (or Human Resources, if appropriate). A Triage Committee comprised of the Chief Compliance Officer, Internal Audit and the Law Department review the allegations from both the Credo Hotline and the noted other channels to determine the best means to investigate, with most issues investigated by or under the direct supervision of Law, HCC&P, or CIA. The Human Resources organization reviews and takes action with respect to any human resources-related issues. In 2017, there were 693 escalated ethics/compliance-related cases, for which investigation was initiated through Triage Committee Process. The breakdown by issue category can be found in the table on the right.
The specific details of allegations of violation of our policies or legal requirements are subject to confidentiality, legal, privacy or other similar restrictions and, therefore, are not publicly disclosed. However, general information around the types of issues and the annual volume coming into our hotline are reflected in the chart [above]. Additionally, this information is reported externally in our public filings if it meets the criteria for requiring public disclosure.
42 Temporary workers are those supplied by third-party agencies. These agencies are the worker’s employer of record. Temporary agency workers are intended to supplement existing workforce or temporarily replace another worker. These workers include clerical, industrial and professional temporary labor (e.g., Engineering, Marketing, Finance, Human Resources, R&D, Procurement, IT, etc.).