Photo credits: ©

Retour d’Expérience Sanofi

Collaboration RSE & Gestion des Risques
Réunion ORSE – 11 Juin 2019
Content

• Introduction

• Sanofi Risk Management overview

• Organization & Governance
• Risk Management methodology
• Focus on risks for which a strong coordination has been established with CSR
• Emerging risks

• Corporate Social Responsibility

• Duty of Vigilance
• Deep dive on Human Rights sub risks: identification & evaluation of risks

• Conclusion and Q&A

Réunion ORSE - June 2019 - Coordination CSR & Risk Management PUBLIC 2
Introduction

• «Management for a rapidly changing world, resilient business strategies

require an enterprise risk management (ERM) approach that effectively
incorporate sustainability risks of material significance to the company,
such as climate change, natural resource availability & social volatility».
(Source: BSR – Nov.2018)

• The presentation is focused on the coordination established between

Sanofi Risk Management & Corporate Social Responsibility teams to
develop a common approach related to the Human Rights Risks including:
• Risk assessment methodology
• Monitoring of mitigation plans
• Reporting

Réunion ORSE - June 2019 - Coordination CSR & Risk Management PUBLIC 3
Sanofi reports
2018 Integrated Report

- Proactive Risk Management

- CSR approach

Réunion ORSE - June 2019 - Coordination CSR & Risk Management PUBLIC 4
Sanofi reports
Document de Référence 2018 – Chapitre 4

- Engagements sociaux, sociétaux et environnementaux en faveur du

développement durable
- Déclaration de performance extra financière & Plan de Vigilance

4.1 Engagements sociaux, sociétaux et environnementaux en faveur du

développement durable
- Accès aux soins pour les plus démunis (maladies infectieuses, maladies non
transmissibles)
- Capital humain
- Environnement

4.2 Déclaration de performance extra-financière et Plan de Vigilance

- Présentation
- Méthodologie de sélection des risques et enjeux majeurs
- Présentation des risques et enjeux
- Les politiques, plans d’actions et indicateurs de suivi
- Autres éléments relatifs au plan de vigilance

Réunion ORSE - June 2019 - Coordination CSR & Risk Management PUBLIC 5
Sanofi Risk Management overview
Sanofi Risk Management - Organization
as of June 2019

Chief Executive Officer

Executive Vice-President
Senior Vice President
Strategy & Business
Head of Internal Audit & Risk
Development
Management
Chairman of the Risk Committee

Head of Sanofi Risk Evolution of RM strategy and framework

Management Monitoring of ‘Top Risks’
Reporting to the Executive Committee & Audit Committee
Secretary of the Risk Committee

Risk Management Network Monitoring of external

Risk Management Process
& Monitoring of mitigation trends & Management of
& Reporting
plans emerging risks
Network of risk coordinators Policies, guidance, tools & methodologies Monitoring of external trends
Coordination and consolidation of risk profiles Risk quantification Management of emerging risks
Monitoring of mitigation plans Risk management training
External reporting

Réunion ORSE - June 2019 - Coordination CSR & Risk Management INTERNAL 7
Sanofi Risk Committee
The Sanofi Risk Committee has authority from the Executive Committee to oversee the effectiveness of a risk
management program, in order to provide reasonable assurance that Sanofi risks are managed to an acceptable level.

 Primary Care

Business
 China & Emerging Markets

Units
 Consumer Healthcare
 Specialty Care
 Vaccines EXTERNAL AFFAIRS
• Corporate Social Responsibility
• Global Communication
 Research & Development • Global Market Access
• Governmental & Public Affairs
Members of the Sanofi Risk  Industrial Affairs
Committee are representatives  Strategy & Business Development


Global Functions
External Affairs
from Business Units & Global  Medical Affairs  Information Technology & Solutions
Functions.  Global Quality  Global Finance
 Legal
 Human Resources
 Health, Safety & Environment
 Ethics & Business Integrity
 Internal Audit
 Business Transformation
 Corporate Security

Réunion ORSE - June 2019 - Coordination CSR & Risk Management INTERNAL 8
 Active and Emerging risks
Risks ACTIVE RISKS NEW OR EMERGING RISKS

Sanofi
Risk
Sanofi
Tool Profile & Risk
Radar
Profiles of Bus
& Functions

Keyword PROACTIVITY ANTICIPATION

Velocity Short term Mid- to Long term

(time to impact) already impacting Sanofi or within 3 years Up to 5 years or more

Still unknown, weakly understood, ambiguous

Possible impact Reasonably known
(lack of reference framework and data)

Risk / benefit
Established Uncertain
balance for Sanofi

Follow standard risk management process and Gather data and build scenarios to better
Need
implement mitigation plans understand the potential impact on Sanofi

Réunion ORSE - June 2019 - Coordination CSR & Risk Management INTERNAL 9
Risk Profile
Management of active risks

LIKELIHOOD
●

CERTAIN
Risk profiles are at the heart of the Risk
Management framework
● Risk Profiles are established and maintained at
the company level and within each of the Global

LIKELY
Business Units and Global Functions
● They are used to assess and prioritize risks for

POSSIBLE
proper treatment, monitoring and reporting

UNLIKELY
MINOR MODERATE MAJOR SEVERE

SEVERITY

Réunion ORSE - June 2019 - Coordination CSR & Risk Management INTERNAL 10
Risk Profile: Management of active risks
Sanofi Risk Profile

Human & Social Rights

BUs & Functions
Risk Profiles

Continuous coordination & monitoring

Corporate social
Risk Management
responsibility

Réunion ORSE - June 2019 - Coordination CSR & Risk Management INTERNAL 11
Sanofi Radar: Surveillance of emerging risks
● Emerging risks are expected to have a long
term impact on the company’s strategy VELOCITY
● They are not fully understood: SLOW
MEDIUM
• the situation is known but the balance benefit / risk for
the company and speed of unset are uncertain, or RAPID
• signals and related risks may have been dormant for a
while, with impact weak and ambiguous due to lack of VERY
data, complexity or volatility. RAPID

● They are now perceived and need analysis

IMPORTANCE

Assess the significance of the risk

LIKELIHOOD
impact in having notable worth or
influence the Sanofi development Assess the probability the risk
emerges and materializes for Sanofi
Very high Certain VELOCITY
Assess the speed at which a risk
Likely
High may impact the company.
OPERATIONS
Possible Velocity combines “time to impact”
Moderate and “perception of speed” being
Unlikely
increasing, static or decreasing.
Low

Réunion ORSE - June 2019 - Coordination CSR & Risk Management INTERNAL 12
Sanofi Radar - Surveillance of emerging risks
VELOCITY
SLOW
MEDIUM

RAPID

VERY
RAPID Climate change & impact on health

Surveillance of trends & emerging risks

Corporate social
OPERATIONS Risk Management
responsibility

. INTERNAL 13
Réunion ORSE - June 2019 - Coordination CSR & Risk Management
Focus on Human Rights risks
Sanofi’s vigilance plan
Major risks identified and risk management
Environment and
Patients Employees
local communities
I
Use of N
Health & Safety
Patients safety In charge: HSE natural resources (Water): T
In charge: Medical, In charge: HSE/CSR E
Quality/pharmacovigilance
R
Fundamental rights Environmental impacts N
(Soil, Air & Water)
In charge: CSR + RH A
Clinical trials In charge: HSE/CSR
In charge: R&D
L

Personal data protection Bio-piracy

In charge: R&D
In charge: Chief Privacy Officer

M&A /
Suppliers investment
projects: due
In charge: Procurement / CSR / HSE diligences

INTERNAL 15
Human rights: Identification & Evaluation of risks
In view of the Group's activities, qualification of the risks and sub-risks associated with human
rights at work leads to 7 priority issues:
SUB-RISKS OF FORCED LABOR
•Risk of using migrant workers in forced labor situations
•Risk of excessive working time
•Risk of a wage lower than the decent wage

SUB-RISKS OF CHILD LABOR

•Risk of a hazardous work performed by a child (under 18)

INABILITY TO RESPECT FREEDOM OF ASSOCIATION / SYSTEMIC DISCRIMINATION

Risk inherent in any structure with workers, closely linked to national legislation]

RISKS TO DISCRIMINATE OR TO NOT FULLY RESPECT THE FREEDOM OF ASSOCIATION

Isolated practices or at the site/management level

PSYCHO-SOCIAL RISKS INCLUDING HARASSMENT

Risks linked to work organization (Isolation, Private/Work balance) and relationships with colleagues or third parties]

INTERNAL 16
Human rights: Identification & Evaluation of risks
Which Human Rights factors?

•Level of qualification •Insufficient laws or •Gravity of the

of the workforce
Characteristics

laws that are contrary to potential risk

Country risk

Severity
•Working conditions international standards
•Number of potential
•“Vulnerable” persons, •Common practices of person impacted
more subject to human rights violations (risk of systemic or
discrimination and •Strong presence of isolated violations)
human rights vulnerable
infringements (women, populations on the •Reversibility
migrants, children, territory
persons with
disabilities…)

LIKELIHOOD

INTERNAL 17
Human rights: Identification & Evaluation of risks
Which activities?

Manufacturing & Sales & Marketing

Research & Development
Distribution

R&D and CF INDUSTRIAL AFFAIRS MARKETING & SALES

Risks factors Risks factors Risks factors

 Characteristics of the workforce: Very
qualified / feminized
 Working conditions: possible
overwork, precariousness of young
researchers
 Country risk
 Characteristics of the workforce:  Qualified / works alone /
Factories: less qualified / highly
 Risk of precariousness (remuneration
dependent on countries / suppliers on
system)
sites
 Relations with third parties
 Country risk dependent

INTERNAL 18
Human rights: Identification & Evaluation of risks
Identification and evaluation of the human rights risks

Migrant Wages Workings Hazardous work Freedom of association / non- Psycho-

workers hours (<18 ) discrimination social
risks
Systemic Isolated /
local
COUNTRIES COUNTRIES COUNTRIES
All All
LIKE- COUNTRIES COUNTRIES

LIHOOD

People impacted : potentially People impacted : People impacted : potentially People People
SEVE-
all potentially all all impacted: impacted:
RITY
few few

Migrant Wages Workings Hazardous work Freedom of association / non-discrimination Psycho-social

workers hours (<18 ) risks

Systemic Isolated / local

COUNTRIES COUNTRIES COUNTRIES

All COUNTRIES All COUNTRIES
CRITICA-
LITY

INTERNAL 19
Devoir de vigilance vs DPEF

• Même socle méthodologique mais en utilisant des critères propres à

chacune des législations.
• Pour la DPEF, les impacts pour Sanofi et les impacts pour les parties prenantes
• Pour le plan de vigilance, l’accent a été mis sur les impacts sur les personnes et
l’environnement.

• Ainsi les cartographies sont complémentaires et se recoupent très

largement avec certains risques qui demeurent spécifiques à l’une ou
l’autre des législations.

Réunion ORSE - June 2019 - Coordination CSR & Risk Management PUBLIC 20
DV & DPEF 1/2

Réunion ORSE - June 2019 - Coordination CSR & Risk Management PUBLIC 21
DV & DPEF 2/2

Réunion ORSE - June 2019 - Coordination CSR & Risk Management PUBLIC 22
Key challenges & Conclusion

• How to address extra-financial risks within the framework of ERM?

Adequate criteria and deep dives
• Raw (inherent) risk vs Net (control) risk
• Frontier effect (where do you draw the line ?)
• Materiality (Is materiality an adequate proxy ?) vs risk and the DPEF
articulation (one dimension / two dimensions)

Réunion ORSE - June 2019 - Coordination CSR & Risk Management PUBLIC 23
Q&A session

Réunion ORSE - June 2019 - Coordination CSR & Risk Management PUBLIC 24