Compliance Program

1. Responsibility and Oversight

Vertex has designated a Chief Compliance Officer (“CCO”), who is responsible for developing, overseeing, and monitoring the operation of our Compliance Program. Our CCO has the authority to exercise appropriate professional judgment regarding the Compliance Program, and to develop and implement revisions and improvements as needed to maintain an effective Compliance Program. Our CCO reports to our Chief Legal Officer, and has independent reporting authority and responsibility to our Board of Directors on compliance-related matters.

Vertex has also established a Compliance Committee to advise the Chief Compliance Officer. The Compliance Committee is comprised of representatives, director-level and above, from line functions across the company. The Compliance Committee is charged with the oversight of Vertex’s Compliance Program and meets at least quarterly to review and develop action plans to address compliance-related matters.
 

2. Policies and Procedures

Vertex’s Code of Conduct is our statement of ethical and compliance principles that guide our daily operations. The Code of Conduct establishes key ethical principles that we expect management, employees, contractors, and agents of the company to follow, as well as standards to help ensure compliance with applicable laws and company policies. To emphasize the importance of the principles and guidelines contained in the Code of Conduct, we require each of our employees to certify that he or she has read and agrees to abide by all Vertex policies and procedures.

In addition to our Code of Conduct, Vertex has developed and implemented policies, procedures, guidelines, work instructions, and other instructions to, among other things, address potential risk areas for pharmaceutical manufacturers including those identified in the OIG Guidance.
 

3. Education and Training

Education and training are essential to effectively communicating our standards and requirements to our personnel, and enabling them to perform in accordance with them. All personnel are provided training on Vertex’s Code of Conduct and on the compliance-related policies, procedures, guidelines, and work instructions applicable to their job functions. We maintain and monitor training records to help ensure all personnel have received required training. Education and training are critical elements of our Compliance Program, specifically with regard to training personnel on their legal and ethical obligations under applicable state and federal health care program requirements.

4. Internal Communication and Reporting

Vertex is committed to fostering an active and healthy dialogue between management and employees regarding ethical and compliance-related matters. Vertex personnel are encouraged to seek answers to compliance-related questions, and are provided with guidance on how to access compliance-related information, including how to report potential compliance concerns. Vertex understands that its personnel must not just know how to access compliance-related resources, but they must feel comfortable doing so without fear of retaliation. Vertex has adopted policies and procedures that strongly encourage all personnel to report potential suspected compliance concerns. These policies and procedures include measures intended to ensure that appropriate reports will not subject the person making the report to retaliation by Vertex or its personnel. Vertex has established an online tool to report potential compliance concerns, which can be found here. Information about Vertex’s Compliance Alert Line is given to all personnel as a part of new hire orientation, continuing compliance training, and is made available on our intranet site.

5. Auditing and Monitoring

Vertex’s Compliance Program includes compliance-related monitoring and auditing functions to help evaluate on-going compliance with our compliance-related policies and procedures. Consistent with the OIG Guidance, we take a number of factors into consideration when determining the nature, extent, and frequency of our compliance monitoring and auditing activities. New legal requirements, developments in business practices, and similar considerations may result in new or revised compliance-related monitoring and auditing activities. We review our compliance-related monitoring and auditing activities on a regular basis to help ensure that significant compliance-related risks are appropriately addressed.

6. Enforcement and Discipline

Vertex maintains policies and procedures for addressing potential compliance-related concerns. These help ensure that relevant facts and circumstances are understood and considered in connection with all enforcement and disciplinary activities. These policies and procedures are intended to help ensure that appropriate and consistent action is employed to address inappropriate conduct and deter future violations.

7. Corrective Action Procedures

Vertex works on an on-going basis to help ensure compliance with state and federal health care laws, as well as with our internal compliance-related policies and procedures. We believe that our Compliance Program increases the likelihood of preventing or identifying unlawful and unethical behavior. We recognize, however, that even an effective compliance program will not prevent all violations. Our Compliance Program, therefore, requires the company to respond promptly to potential violations of law or Vertex policy, take appropriate disciplinary action, assess whether the violation may be due to gaps in our policies, practices, or internal controls, and take appropriate corrective action to prevent or limit future violations.

8. Risk Assessment

Vertex regularly conducts a compliance risk assessment to ensure that its compliance program continues to address appropriate compliance risks.

Vertex is committed to conducting all of our activities in compliance with applicable laws and ethical standards. We believe we have developed and implemented an effective Compliance Program, and we will continue to work to improve our Compliance Program and all of our compliance-related activities.
 

Last Revised 4/16/20