The continuity of its clinical and R&D work relies on robust risk management © iStockphoto/Getty Images
The continuity of its clinical and R&D work relies on robust risk management © iStockphoto/Getty Images

Astellas Pharma: building protection against third-party risk

The pharmaceutical company’s EMEA procurement team took action to safeguard the business.

When Japanese pharmaceutical giant Astellas suffered reputational and operational damage following third-party supplier failures, the company knew it was time to overhaul its risk management strategy. Astellas, which operates globally across Europe, Africa, Asia and the US, generates around $12bn in sales, employs 17,000 people and wields a procurement spend of $3.7bn.

Sanctions from the Association of the British Pharmaceutical Industry (ABPI) in June 2016 meant risk management became increasingly vital to the company. “It drove a more holistic approach to managing third-party risk,” says Nick Jenkinson, senior director of procurement and CRE at Astellas.

For a highly fragmented business working across 40 countries, this was a challenge, particularly in the tightly regulated pharmaceutical industry. The company began by assessing what was already in place and collaboratively developing an approved supplier risk framework that was scaleable for use across EMEA, the US and Japan.

The EMEA procurement team, led by Jenkinson, took the lead and in early 2018 the ‘mySupplierRisk’ system was launched, addressing nine risk domains, including anti-bribery and corruption, financial solvency, pharmacovigilance, promotional, data security, business continuity planning and human labour rights. The system would roll out to 23 suppliers in nine languages within 10 months.

Processes were standardised wherever possible, with deviation occurring only where there were differing local statutory or legal requirements. The project involved improving corporate accountability, rationalising high-risk category suppliers, and implementing the platform globally.

“It’s about having the transparency and visibility in order to make effective decisions,” says Jenkinson.

The system has now been rolled out across 35 countries, and has been designed to be easy to use and to train people on, explains Jenkinson, this being essential for a system that has 900 end users. As he says, any new software introduction is only as good as the user adoption, which is why mySupplierRisk has been kept as simple as possible.

The technology development and transformation of business processes has been so successful that Astellas has been asked to advise other companies looking to implement similar changes, and in 2019 the project gained recognition when it won the CIPS SM award for Risk Mitigation.

First line of defence

​MySupplierRisk provides a one-stop-shop for ​third-party screening​, and is effectively the first line of defence. When issues are identified, they escalate to Astellas’s risk experts in the second line of defence.

At this stage, the relevant risk expert has three criteria to choose from in relation to supplier approval: ‘Clear’; ‘Decline: business owner is unable to use the supplier’ or ‘Clear with conditions: can progress under special conditions’. If a business user is unhappy with the outcome, a ​governance committee​ of procurement, ethics, compliance and legal experts is accessible. If further information is required, the company moves to its third line of defence, a physical audit of the supplier.

Hybrid of home and office/site based approx. 1 day per week.
Up to £40,000
Essex Cares
Rotherham, South Yorkshire
CIPS Knowledge
Find out more with CIPS Knowledge:
  • best practice insights
  • guidance
  • tools and templates