Risk management

Identifying, analysing and responding appropriately to business risks and opportunities is vital to attaining Roche’s business objectives, protecting the interests of stakeholders and meeting legal requirements.

Managing risk and opportunities

The Roche Risk Management Policy describes our approach for managing material risks – the possibility that an event will occur and adversely affect the achievement of Roche’s objectives.

Risk Management is an integral part of the group’s business practice on all levels of the Roche group. Risk Management includes:

  • identification,

  • analysis and evaluation of risks,

  • the appropriate response,

  • tracking and reporting of risks to provide assurance regarding the achievement of objectives.

On Roche Group level this is formalised in the Group Risk Management Process, where Divisional and Group functions and business areas assess risks and develop plans for the most material ones identified. This happens in parallel to the development of the business plans.

A consolidated Group Risk Report is then discussed and approved together with the business plan by the Corporate Executive Committee and reviewed by the Board of Directors.

This process is overall supported by Group Risk Advisory, which is responsible for the necessary alignment, co-ordination and development of Group Risk Management. Continuous improvement is applied to the Group Risk Management Process through stakeholder feedback and maturity measurement, and when appropriate external reviews.

In addition, Group Risk Advisory is coordinating / consolidating various risk management activities across the organisation including training and risk awareness activities. Risk management trainings include customised trainings for line management and Risk Managers (including a mandatory online training). Further Risk Management trainings (virtual and classroom) are offered by Risk Advisory and are available to all employees. Additionally, upon request Risk Awareness workshops are conducted for functions and regions and Roche Affiliates can receive risk management training to establish their own Risk Management process. These activities also focus on identification and management of risks as well as opportunities.

Also under the lead of Group Risk Advisory, a Risk Forum was kicked off in 2014 to create a cross functional network to explore new ways to raise risk awareness across the organisation. This has evolved into a Risk & Opportunity Alliance (ROAD) which conducts innovation dialogues/workshops to address complex topics which have a cross functional/divisional significance.

We also implemented a risk management programme designed to systematically identify, assess, mitigate and adequately manage the risk of human rights violations. This risk management programme does not only apply to our operations, but likewise to our value chain and activities related to our business. We discuss and assess identified risks within the Corporate Sustainability Steering Committee. At the time being, the four identified top risks - including vulnerable groups such as patients, employees, suppliers and business partners – are Data Privacy, Safe workplace (incl. health risks), Working conditions (incl. child, forced or compulsory labour, harassment and discriminations) and Employee association. For further information, please visit our Human Rights Website .

Beside Group Risk Advisory many other 2nd lines of controls perform risk management activities and trainings (e.g. Healthcare Compliance, Medical Compliance, Safety, Health & Environment (SHE), Quality, Procurement, Pharma Global Technical Operations, etc.). In addition, many cross-functional risk activities occur within Roche, a few of which are described below as examples.

Financial Risk Management within the Group is governed by policies reviewed by the Board of Directors. Policy implementation and day-to-day Risk Management are carried out by the treasury functions and regular reporting on these risks is performed by the relevant accounting and controlling functions.

Crisis Management, where every subsidiary of the Group have established Emergency Management teams, with corresponding alarm and escalation procedures and authority to act quickly in the event of a crisis. Also, at Roche Group level there is a Roche Emergency Management Organisation and Support (REMOS), supporting Local Emergency Management when needed. These teams comprise operational line management with appropriate authority and they rehearse different crisis scenarios regularly.

A risk-based compliance management approach was developed in 2013 for one of the regional organisations to target compliance efforts to areas most at risk. A Compliance & Risk Management Office has been established to address specific risks in the procurement area.

Safety, Security, Health and Environmental risks are managed by Group SHE. A comprehensive bottom-up approach is used to identify and assess all SHE risks which are consolidated in a risk inventory and integrated into the Roche Group Risk Report.

Product Development continues to apply a consistent methodology for identification and management of risks that could impact achievement of development projects.

Digital Media Risk and opportunities continue to be monitored and managed by a cross-functional group.

A group wide Business Continuity Programme aims to further strengthen our business continuity management (BCM) to ensure that all sites respond effectively to catastrophic events and deliver a minimum, acceptable level of key products and services. The respective Group BCM policy and guideline is in place, facilitating a consistent and aligned local implementation.

Business sustainability risks and opportunities

We consider Sustainability in a broader context to include three elements: society, the environment and economy. The three elements are interdependent .

The Corporate Sustainability Steering Committee is responsible for assessing social, environmental and ethical trends, which is done through the ‘Business Sustainability Risk Assessment’ process. Each year, emerging trends (including associated risks and opportunities) are identified from internal and external sources and are reviewed by selected internal stakeholder groups and the top 5 business sustainability trends are approved by the Corporate Sustainability Steering Committee. These trends represent key areas where we would like to raise internal awareness so that the associated risks and opportunities can be considered as appropriate by our Roche Risk Managers in the respective Risk Assessment of their business unit. Since 2013 these Business Sustainability trends have been reported, first in the Roche Annual Report, now in the complementing part on the internet. This process continues to evolve and is reviewed by the Corporate Sustainability Steering Committee annually.

These top 5 business sustainability trends and associated risks and opportunities are also shared with the Group Risk Managers involved with the Group Risk Management Process where they are then considered and if relevant included within scope of respective risk assessments. Mitigation of these business sustainability risks and opportunities are done at the business unit and/or group level as part of the Group Risk Management Process.

The 5 business sustainability trends identified for 2021 are:

  • Technological Transformation: The accelerated technological transformation driven by the digital evolution increases the unpredictability of implications on new and existing markets as well as on business and working models.

  • Environmental Degradation and Climate Change: Change of climate, ecosystem collapse, which are attributed directly or indirectly to human activity, that alter availability, accessibility, affordability, quality and quantity of fresh water/food, other natural resources and change the composition of the global atmosphere, in addition to natural climate variability.

  • Healthcare Evolution: The Healthcare evolution develops towards a continuum of care approach, including prevention, detection, treatment and cure, offering a wider range of solutions (products and services).

  • Economical Instability: Debt crises and asset bubbles in large economies coupled with prolonged economic stagnation leading to bankruptcies and collapses of systemically important industries.

  • Societal Crises: Ineffective social models with limited economic and educational prospects are likely to lead to dissolution of societal solidarity and exacerbate mental health deterioration and youth disillusionment.

Using Healthcare Evolution and Societal Crises as examples you can see below how these are then developed into specific risks and opportunities at the level of the functions where specific mitigations are applied and managed.

Trend descriptor: The Healthcare evolution develops towards a continuum of care approach, including prevention, detection, treatment and cure, offering a wider range of solutions (products and services).

Technological developments: Allow prevention and improved treatment and new ways of demonstrating value; innovative products and services are being developed at an unprecedented rate, also offering curative treatments for previously incurable diseases; patients having increased interest in their data and taking more control
Disruptive innovation and competition: New competitors/ new players (e.g. non-pharma, Google, Amazon), changes in business models, products, services and value chain as well as the operational processes
Pervasive backlash against science:: Censure, denial and/or scepticism towards scientific evidence and the scientific community at a global scale, resulting in a regression or stalling of progress on climate action, human health and/or technological innovation
Associated opportunities and risks (threats):
Explore new business models and markets
Exploring holistic solutions, new products and services
Evolving PHC across Pharma and Diagnostics and build a profitable insights business
Engaging in new strategic partnerships with companies from different industries and expanding innovation capabilities
On-demand patient interaction
Collaborate with/acquire chip maker for 24/7 in-vivo blood monitoring and device manufacturers on controlled release technologies
Leverage crowd innovation and international scientific collaboration network of universities, hospitals and healthcare foundations
Gaining faster regulatory approvals of our products and solutions through RWE
Telemedicine and online advice (e.g. "Roche NetDoctor")
Risks (Threats)
Inability or failure to compete in the digital health arena
Challenges of integrating companies from different business areas
Unwillingness of the society and payers to pay/reimburse for technological improvements and the value of innovation
National approaches towards healthcare data can lead to a very segmented landscape requiring high efforts to make data usable
Legal/regulatory frameworks differ at country level (e.g. use of genetic data) and change rapidly
Inability or failure to position ourselves as an attractive and trustworthy company

Responses to address potential risks & opportunities:

  • Development of Software-as-a-Service, mobile apps (for patients and HCPs), e.g mySugr app from Diabetes Care

  • Broaden cloud-based decision support

  • OneRoche integrated Personalised Healthcare (PHC) solution projects in selected countries

  • Increased collaboration between Pharma and Diagnostics in marketing new types of products

  • Accelerate delivery of patient-centric care through truly integrated diagnostics with clinical decision support, integrating imaging data for comprehensive patient diagnostic information for improved treatment decisions

  • Build cloud-enabled integration engine to support digital health ecosystems

  • Introduce NAVIFY Symptom Tracker (remote monitoring of COVID-19 symptoms)

Additional information on the trend, its potential impact and related responses:

Trend descriptor: Ineffective social models with limited economic and educational prospects are likely to lead to dissolution of societal solidarity and exacerbate mental health deterioration and youth disillusionment.

Employment and livelihood crises: Structural deterioration of work prospects and/or standards for the working-age population: unemployment, underemployment, lower wages, fragile contracts, erosion of worker rights etc.
Erosion of social cohesion: Loss of social capital and a fracture of social networks negatively impacting social and economic stability and equality, individual wellbeing and economic productivity, as a result of persistent public anger, distrust, divisiveness, lack of empathy, marginalisation of minorities, political polarisation etc.
Widespread youth disillusionment: Youth disengagement and lack of confidence and/or loss of trust with existing economic, political and social structures at a global scale, negatively impacting social stability, individual well-being and economic productivity
Severe mental health deterioration: Pervasiveness of mental health ailments and/or disorders globally and across multiple demographics, negatively impacting wellbeing, social cohesion and productivity: anxiety, dementia, depression, loneliness, stress etc
Associated opportunities and risks (threats):
Flexible working models and shifts in the ways of working
More aligned with societal demands and needs (e.g. elderly care)
Continue investing into educating mature employees to act as knowledge/capability pillars of the organisation
Position Roche as attractive employer through our purpose
Emphasis on preventive healthcare
New pricing models
Ability to keep qualified, highly specialised staff longer in the company
Venture into therapeutic areas affecting predominantly the older segment of society
Offer telemedicine channel to ensure optimal access to Roche products/services
Drive public-private partnerships and initiatives (e.g. call for solidarity, UN SDGs)
Risks (Threats)
Inflexibility of the working culture to accommodate diverse expectations and aspirations of different generations
Increasing elderly care “burden” for and on employees
Disconnection (social exclusion) of “older” generations in a highly digitalised environment
Shifting retirement ages
Challenge of identifying attraction and retention approaches for a diverse workforce
Increased number of staff suffering from mental health diseases
Knowledge drain particularly in highly specialised business sectors
Pressure on pension funds
Increasing price pressure with impact on healthcare costs

Responses to address potential risks & opportunities:

  • Safe workplace is a human right. Every site performs workplace health risk assessments and has mitigation plans

  • We recognise the importance of health & well-being of employees & provide various offerings to educate & support employees and their families, including Wellbeing weeks at all sites each year to promote awareness & education about healthy lifestyles, nutrition, emotional wellbeing

  • Flexible work arrangements help employees balance life & work (part-/flexi-time, flexi-retirement, job-sharing, working from home)

  • Parental leave for men & women, childcare facilities and other provisions help employees combine their career and family roles

  • Supporting employees & family members in need of care, providing free advisory (e.g. psychological stress support, help to locate residential places for family members) and family leave/unpaid care time

In the Covid pandemic, Roche stands side by side with governments, healthcare providers and all those working to overcome the pandemic

Additional information on the trend, its potential impact and related responses:


Chief Compliance Officer
Pascale Schmidt
Tel. +41(0) 61 688 48 90
E-mail to Group Compliance Officer

The contents of this page are reviewed and updated regularly in the second quarter of each year or when necessary.


Discover more