skip to content

Risk management

The Rochedescribes our approach for managing material risks – the possibility that an event will occur and adversely affect the achievement of Roche’s objectives.

Risk Management is an integral part of the Roche Group’s business practice on all levels. Risk Management includes:

  • Identification,

  • Analysis and evaluation of risks & opportunities,

  • Appropriate response plans,

  • Monitoring and reporting of risks & opportunities to provide assurance regarding the achievement of objectives.

At Roche Group level this is formalised in the Group Risk Management Process, where divisions, relevant divisional and Group functions assess risks & opportunities and develop plans for the most material ones identified. This happens in parallel to the development of the business plans.

The consolidated Group Risk Report is then discussed and approved together with the business plan by the Corporate Executive Committee and reviewed by the Board of Directors.

This process is supported by Group Risk Advisory, being responsible for the necessary alignment, coordination and development of Group Risk Management. The Group Risk Management Process is continuously improved through stakeholder feedback and effectiveness evaluation, and when appropriate through external reviews.

Beside this core activity, Group Risk Advisory fosters best practice, e.g. through risk & opportunity management education and raising of risk & opportunity management awareness. Education includes an online training open to all employees, as well as practice labs or customised trainings for line managers and Risk & Opportunity Managers.

Additionally, upon request, either e.g. regions or affiliates are supported in the establishment of their own Risk & Opportunity Management Process, as is the case for specific projects or focus areas (e.g. regarding Human Rights). In this area, a risk management programme designed to systematically identify, analyse, mitigate and adequately manage potential risk of human rights violations has been implemented. This risk management programme is not limited to our operations, it covers our value chain and activities related to our business. Identified risks are discussed within the Corporate Sustainability Steering Committee. Currently, the four identified top risks - including vulnerable groups, such as patients, employees, suppliers and business partners – are Data Privacy, Safe workplace (incl. health risks), Working Conditions (incl. child, forced or compulsory labour, harassment and discriminations) and Employee Associations. For further information, please visit our

Beside Group Risk Advisory, many other 2nd lines of control functions perform risk management activities and trainings (e.g. Healthcare Compliance, Medical Compliance, Safety, Health & Environment (SHE), Quality, Procurement, Pharma Global Technical Operations). In addition, many cross-functional risk activities occur within Roche, a few of which are described below as examples.

Financial Risk Management within the Group is governed by policies reviewed by the Board of Directors. Policy implementation and day-to-day Risk Management are carried out by the treasury functions and regular reporting on these risks is performed by the relevant accounting and controlling functions.

At Roche Group level, a global Crisis Management organisation is established. Every subsidiary of the Group has furthermore established Emergency Management teams, with corresponding alarm and escalation procedures and authority to act quickly in the event of emergencies/crises. Also, at Roche Group level there is a Roche Emergency Management Organisation and Support (REMOS), which supports Local Emergency Management when needed. These teams comprise operational line management with appropriate authority and they rehearse different crisis scenarios regularly.

A risk-based compliance management approach was developed for one of the regional organisations to target compliance efforts in areas at most risk. A Compliance & Risk Management Office has been established to address specific risks in the procurement area.

Safety, Security, Health and Environmental risks are managed by Group SHE. A comprehensive bottom-up approach is used to identify and assess all SHE risks, which are consolidated in a risk inventory and integrated into the Roche Group Risk Report.

Product Development continues to apply a consistent methodology for identification and management of risks and opportunities that could impact achievement of development projects.

Digital Media risks and opportunities continue to be monitored and managed by a cross-functional group.

A group wide Business Continuity Programme aims to further strengthen Roche’s business continuity management (BCM) to ensure that all sites respond effectively to catastrophic events and deliver a minimum acceptable level of key products and services. The respectiveand guideline are in place, facilitating a consistent and aligned local implementation.

Business environment trends

Roche considers Sustainability in the broader context to include three elements: society, the environment and economy.

Group Risk Advisory is responsible for assessing social, environmental, economic and governance trends, which is achieved through the ‘Business Environment Trend Analysis’.

Each year, emerging trends (including associated risks & opportunities) are identified from internal and external sources and are reviewed by selected internal stakeholder groups. These trends represent key areas that serve to raise internal awareness, so that the associated risks & opportunities can be considered as appropriate by Roche Risk & Opportunity Managers in the assessments of their respective business units. Responses to these business environment risks & opportunities are developed at the business unit and/or Group level as part of the Group Risk Management Process.

The business environment trends identified for 2025 are:

Accelerated Technological Transformation: Technological transformation, in particular artificial intelligence and other frontier technologies across industries and societies continue to disrupt and create a wide range of opportunities. However, this shift also brings significant uncertainty and unpredictability regarding its implications on economies, businesses and/or individuals, alongside complex ethical, regulatory, and operational challenges.

Healthcare Evolution Challenged by its Affordability: Global healthcare further evolves towards a continuum of care approach. Integrated solutions (products and services) increasingly leverage the use of data and data insights. Societies’/payers’ expectations for cutting-edge healthcare solutions are contrasted by their ability and/or willingness to afford the increasing cost of innovation.

Political Complexity and Geoeconomic Confrontations: Evolving political power dynamics and global instability lead to economic realignments, trade tensions and disruptions to systemically important supply chains, creating an increasingly complex and unpredictable business environment.

Growing Need for Climate Change Adaptation: The growing need for adaptation to address long-term and potentially irreversible damage to the earth's systems through climate change is becoming increasingly apparent. Changes to the global climate impact natural resource availability, accessibility, affordability, quality and quantity worldwide.

Accelerating Spread of Mis- and Disinformation: Persistent false information (deliberate or unintended) widely disseminated through states, populists, media organisations and social media significantly altering public opinion, accelerated through the fast arising of artificial intelligence.

Increase in Infectious, Chronic and Mental Diseases: Continuous threat from newly emerging or resistant infectious diseases could lead to epidemic/pandemic crises. Increasing prevalence of non-communicable diseases (chronic physical and mental health conditions), partially owed to ageing population and rising inequality across multiple demographics, negatively impacts wellbeing.

Progressing Cyber Dependency and Vulnerability: Growing digital interconnectedness and Artificial Intelligence together with sophisticated cybercrime result in increased cyber exposure and vulnerability.

Societal Crises: Societal cohesion is diminishing due to ineffective social models that limit educational and economic opportunities (e.g. care crunch). This is compounded by rising political polarisation, mass migration, and demographic shifts, such as aging populations in developed countries alongside a youth bulge in developing nations. These factors contribute to growing discontent and threaten societal solidarity.

Lasting Economic Instability: Lasting global macroeconomic instability leading to collapse of systemically important industries and prolonged economic stagnation.

Workforce and Workplace Evolution: Companies increasingly embrace and experiment with agile organisational design and New Ways of Working requiring a shift in mindset and behaviours. Continuous rise of remote and hybrid work, gig economy, and artificial intelligence-driven automation are further transforming employment models, leading to an increasingly fluid workforce and -place.

To showcase two examples, the trends of "Healthcare Evolution Challenged by its Affordability" and "Accelerated Technological Transformation" are further analysed for possible risks and opportunities.

Trend descriptor: Global healthcare further evolves towards a continuum of care approach. Integrated solutions (products and services) increasingly leverage the use of data and data insights. Societies’/payers’ expectations for cutting-edge healthcare solutions are contrasted by their ability and/or willingness to afford the increasing cost of innovation.

Trend descriptor: Technological transformation, in particular artificial intelligence and other frontier technologies across industries and societies continue to disrupt and create a wide range of opportunities. However, this shift also brings significant uncertainty and unpredictability regarding its implications on economies, businesses and/or individuals, alongside complex ethical, regulatory, and operational challenges.

Chief Compliance Officer
Pascale Schmidt
Tel. +41(0) 61 688 48 90

The contents of this page are reviewed and updated regularly in the second quarter of each year or when necessary.