Last week, in partnership with Ethics and Compliance Switzerland, we hosted an exclusive webinar exploring one of the most pressing challenges facing the life sciences industry today: how to effectively manage human rights and corruption risks across complex third-party networks.
From clinical trial sites and distributors to manufacturers and logistics partners, life sciences companies operate within vast, global ecosystems. With increasing regulatory scrutiny and the emergence of mandatory human rights due diligence frameworks, organisations are under growing pressure to ensure their third-party risk management (TPRM) programmes are both robust and scalable.
Bringing together industry expertise, the session featured:
- Aditi Wanchoo, Director of Human Rights at Novartis
- Patrick Wellens, Chairman of Ethics and Compliance Switzerland
- James Swenson, Managing Director at Ethixbase360
The discussion focused on how organisations can evolve their due diligence and monitoring programmes to meet shifting regulatory expectations, while remaining practical, proportionate, and aligned with business realities.
Key Insights from the Discussion
1. Different maturity levels drive different approaches
There is no one-size-fits-all approach to human rights due diligence. Organisations are at varying stages of TPRM maturity, and this directly influences how they embed human rights considerations.
Some companies are integrating human rights into existing TPRM frameworks, leveraging established processes and infrastructure. Others are developing standalone workstreams depending on organisational structure and priorities. Ultimately, the approach depends on internal maturity, resources, and strategic priorities, but alignment and clarity are key to ensuring effectiveness.
2. Risk assessments are foundational
A strong risk assessment framework is critical to any human rights due diligence programme.
Companies must first understand their inherent risk exposure by evaluating:
- Operations
- Geographic footprint
- Third-party ecosystem
While baseline models, such as those based on jurisdiction or company type, provide a useful starting point, they are not sufficient on their own. Internal factors, business models, and sector-specific nuances play an equally important role.
A more tailored, holistic assessment enables organisations to prioritise efforts where they matter most.
However, efficiency is equally important. Asking third parties to complete extensive questionnaires at scale is neither practical nor effective. A more targeted approach, such as screening suppliers against relevant databases and deploying detailed questionnaires only for higher-risk entities, can significantly improve both response rates and data quality.
Equally, organisations should aim for a holistic view of third-party risk. Fragmented approaches, where separate tools, methodologies, and assessments are used for human rights, sanctions, anti-corruption, and IT security, can create inefficiencies and fatigue for suppliers. An integrated framework helps streamline processes while improving overall risk visibility.
3. A risk-based approach is essential for scalability
For large organisations, reviewing every third party is neither practical nor efficient.
A clearly defined, risk-based approach allows companies to allocate resources strategically and scale their programmes effectively. This approach should be embedded in policy and applied consistently across the business.
Key risk indicators may include:
- Geography
- Industry
- Nature of the relationship
- Spend thresholds
By focusing on higher-risk areas, organisations can enhance both efficiency and impact, without compromising on compliance.
Importantly, due diligence should not be viewed as a one-time exercise at onboarding. Ongoing monitoring across the lifecycle of the third-party relationship is essential to ensure risks are continuously identified and managed as circumstances evolve.
Leveraging data-driven insights across suppliers and extended value chains, including N-1 and N-2 relationships, can further strengthen programmes. This enables organisations to proactively identify emerging risks, rather than relying solely on reactive assessments.