Vertex Pharmaceuticals Incorporated (“Vertex”) conducts its business throughout the world in accordance with all applicable laws and regulations. Vertex expects all employees, officers, and directors, and any vendor doing, or seeking to do, business with or on our behalf to conduct their business with ethics and integrity, and comply with all applicable laws and regulations.
The key components of our Compliance Programme are described below, addressing each of the seven elements of an effective compliance programme as outlined by guidance issued by the Office of Inspector General, U.S. Department of Health and Human Services (OIG). As the OIG Guidance envisions, we have designed our Compliance Programme to fit the size, resources, market position, and other unique aspects of our company. At Vertex, we recognise that an effective compliance programme must evolve and respond to the changing circumstances of the company and its environment. To this end, we are committed to continuous quality improvement based on regular review, assessment, and development of the Compliance Programme and the changing regulatory and business environment.
1. Responsibility and Oversight
Vertex has designated a Chief Compliance Officer (“CCO”), who is responsible for developing, overseeing, and monitoring the operation of our Compliance Programme. Our CCO has the authority to exercise appropriate professional judgment regarding the Compliance Programme, and to develop and implement revisions and improvements as needed to maintain an effective Compliance Programme. Our CCO reports to our Chief Legal Officer, and has independent reporting authority and responsibility to our Board of Directors on compliance-related matters.
Vertex has also established a Compliance Committee to advise the Chief Compliance Officer. The Compliance Committee is comprised of representatives, director-level and above, from line functions across the company. The Compliance Committee is charged with oversight of Vertex’s Compliance Programme and meets at least quarterly to review and develop action plans to address compliance-related matters.
2. Policies and Procedures
Vertex’s Code of Conduct is our statement of ethical and compliance principles that guide our daily operations. The Code of Conduct establishes key ethical principles that we expect management, employees, contractors, and agents of the company to follow, as well as standards to help ensure compliance with applicable laws and company policies. To emphasise the importance of the principles and guidelines contained in the Code of Conduct, we require each of our employees to certify that he or she has read and agrees to abide by all Vertex policies and procedures.
In addition to our Code of Conduct, Vertex has developed and implemented policies, procedures, guidelines, work instructions, and other instructions to, among other things, address potential risk areas for pharmaceutical manufacturers including those identified in the OIG Guidance. Our policies and procedures also help ensure that Vertex adheres to the standards of the PhRMA Code.
3. Education and Training
Education and training are essential to effectively communicating our standards and requirements to our personnel, and enabling them to perform in accordance with them. All personnel are provided training on Vertex’s Code of Conduct and on the compliance-related policies, procedures, guidelines, and work instructions applicable to their job functions. We maintain and monitor training records to help ensure all personnel have received required training. Education and training are critical elements of our Compliance Programme, specifically with regard to training personnel on their legal and ethical obligations under applicable state and federal health care programme requirements.
4. Internal Communication and Reporting
Vertex is committed to fostering an active and healthy dialogue between management and employees regarding ethical and compliance-related matters. Vertex personnel are encouraged to seek answers to compliance-related questions, and are provided with guidance on how to access compliance-related information, including how to report potential compliance concerns. Vertex understands that its personnel must not just know how to access compliance-related resources, they must feel comfortable doing so without fear of retaliation. Vertex has adopted policies and procedures that strongly encourage all personnel to report potential suspected compliance concerns. These policies and procedures include measures intended to ensure that appropriate reports will not subject the person making the report to retaliation by Vertex or its personnel. Vertex has established an online tool to report potential compliance concerns, which can be found here. Information about Vertex’s Compliance Alert Line is given to all personnel as a part of new hire orientation, continuing compliance training, and is made available on our intranet site.
5. Auditing and Monitoring
Vertex’s Compliance Programme includes compliance-related monitoring and auditing functions to help evaluate on-going compliance with our compliance-related policies and procedures. Consistent with the OIG Guidance, we take a number of factors into consideration when determining the nature, extent, and frequency of our compliance monitoring and auditing activities. New legal requirements, developments in business practices, and similar considerations may result in new or revised compliance-related monitoring and auditing activities. We review our compliance-related monitoring and auditing activities on a regular basis to help ensure that significant compliance-related risks are appropriately addressed.
6. Enforcement and Discipline
Vertex maintains policies and procedures for addressing potential compliance-related concerns. These help ensure that relevant facts and circumstances are understood and considered in connection with all enforcement and disciplinary activities. These policies and procedures are intended to help ensure that appropriate and consistent action is employed to address inappropriate conduct and deter future infringements.
7. Corrective Action Procedures
Vertex works on an on-going basis to help ensure compliance with state and federal health care laws, as well as with our internal compliance-related policies and procedures. We believe that our Compliance Programme increases the likelihood of preventing or identifying unlawful and unethical behaviour. We recognise, however, that even an effective compliance programme will not prevent all infringements. Our Compliance Programme, therefore, requires the company to respond promptly to potential infringements of law or Vertex policy, take appropriate disciplinary action, assess whether the violation may be due to gaps in our policies, practices, or internal controls, and take appropriate corrective action to prevent or limit future infringements.
8. Risk Assessment
Vertex regularly conducts a compliance risk assessment to ensure that its compliance programme continues to address appropriate compliance risks.
Vertex is committed to conducting all of our activities in compliance with applicable laws and ethical standards. We believe we have developed and implemented an effective Compliance Programme, and we will continue to work to improve our Compliance Programme and all of our compliance-related activities.
Last Revised April 2021