Risk Factors Related to Other Government Regulations
We are subject to healthcare laws, regulation and enforcement. The failure to comply with these laws could harm our results, operations and/or financial conditions.
Our current and future operations may be or may become directly, or indirectly through our customers and third-party payors, subject to various U.S. federal and state, EU, Japanese, Chinese, UK, Canadian, Israel and other jurisdictions’ healthcare laws including anti-kickback statutes, anti-bribery, anti-corruption provisions, anti-fraud statutes, false claims acts, including the AKS, Food, Drug & Cosmetic Act, False Claims Act and more. Healthcare providers, physicians and others play a primary role in the recommendation and prescription of any products for which we obtain marketing approval. These laws may impact, among other things, our proposed sales, marketing and education programs and constrain our business and financial arrangements with third-party payors, healthcare professionals who participate in our clinical research programs, healthcare professionals and others who recommend, purchase, or provide our approved products, and other parties through which we market, sell and distribute our products for which we obtain marketing approval.
In addition, our current and future operations are subject to other healthcare-related statutory and regulatory requirements and enforcement by regulatory authorities in jurisdictions in which we conduct our business. For example, the provision of benefits or advantages to physicians to induce or encourage the prescription, recommendation, endorsement, purchase, supply, order or use of medical products is generally not permitted in countries that form part of the EU, or the UK. Some EU Member States have enacted laws explicitly prohibiting the provision of these types of benefits and advantages to induce or reward improper performance generally, and the UK has enacted similar restrictions through the Bribery Act 2010. Infringements of these laws can result in substantial fines and imprisonment, as well as associated reputational harm. We are also subject to EU Directive 2001/83/EC and the Human Medicines Regulations 2012. Any action against us for violation of these laws, even if we successfully defend against it, could cause us to incur significant legal expenses and divert our management’s attention from the operation of our business.
The shifting compliance environment and the need to maintain robust and expandable systems to comply with multiple jurisdictions with different compliance or reporting requirements increases the possibility that we or our collaborative partners may run afoul of one or more of the requirements. We continue to expand, enhance and refine our internal ethics and compliance function and program to ensure compliance with the different healthcare laws and regulations. The expansion and maintenance of an internal compliance program involves substantial costs and, notwithstanding our investment, mechanisms put in place to ensure compliance with applicable laws and regulations and our best efforts, the program may not be fully successful as there can be no assurance that our policies and procedures will be followed at all times or will effectively detect and/or prevent all compliance violations by our employees, consultants, subcontractors, agents and partners.
It is possible that governmental authorities will conclude that our business practices do not comply with current or future statutes, regulations or case law involving applicable fraud and abuse or other healthcare laws and regulations. If our operations are found to be in violation of any of these laws or any other governmental regulations that may apply to us, we may be subject to significant civil, criminal and administrative investigations, penalties, damages, fines, disgorgement, imprisonment, exclusion of drugs from government funded healthcare programs, such as Medicare and Medicaid in the U.S., additional reporting requirements and oversight if we become subject to a corporate integrity agreement or similar agreement to resolve allegations of non-compliance with these laws, reputational harm and the curtailment or restructuring of our operations. Managing such investigations and defending against or appealing any such actions or penalties can be costly and time-consuming and may require significant financial and personnel resources. Therefore, even if we are successful in managing any such governmental investigations and/or defending against or appealing any such actions or penalties that may be brought against or imposed upon us, our business may be impaired. Further, if any of the physicians or other healthcare providers or entities with whom we expect to do business is found to be not in compliance with applicable laws, they may be subject to criminal, civil or administrative sanctions, including exclusions from government funded healthcare programs. Efforts to ensure that our business arrangements with third parties comply with applicable healthcare laws and regulations also involves substantial costs.
The scope and enforcement of each of these laws is uncertain and subject to rapid change in the current environment of healthcare reform. Federal and state enforcement bodies have recently increased their scrutiny of interactions between healthcare companies and healthcare providers, which has led to a number of investigations, prosecutions, convictions and settlements in the healthcare industry. Ensuring business arrangements comply with applicable healthcare laws, as well as responding to possible investigations by government authorities, can be time and resource consuming and can divert a company’s attention from the business.
All aspects of our business ranging from preclinical, clinical trials, marketing and commercialization are highly regulated and any delay by relevant regulatory authorities could jeopardize our development and approval process or result in other suspensions, refusals or withdrawal of approvals.
Before we can commence clinical trials for a product candidate, we must complete extensive preclinical testing and clinical trials that support our IND or planned IND applications in the U.S. or Japan, or our CTAs in the UK or in the EU, or a comparable application in other jurisdictions. We cannot be sure that we will be able to submit INDs or CTAs or comparable applications for our preclinical programs on the timelines we expect, if at all. We also cannot guarantee that submission of INDs or CTAs or comparable applications will result in the MHRA, EMA, FDA, MHLW (collectively, the Relevant Regulatory Authorities) or other regulatory authorities allowing clinical trials to even begin.
Clinical trials must be conducted in accordance with Relevant Regulatory Authorities and other applicable regulatory authorities’ legal requirements and regulations and are subject to oversight by these governmental agencies and IRBs and ethics committees at the medical institutions where the clinical trials are conducted. In addition, clinical trials must be conducted in compliance with GCPs and with supplies of our products and product candidates produced under cGMPs and other regulations. We could encounter delays if a clinical trial is suspended or terminated, by us, by the IRBs or ethics committees of the institutions in which such clinical trials are being conducted, by the data review committee or data safety monitoring board for such clinical trial by the Relevant Regulatory Authorities or other comparable regulatory authorities. Such authorities may impose a suspension or termination due to a number of factors, including failure to conduct the clinical trial in accordance with regulatory requirements or our clinical protocols, inspection of the clinical trial operations or clinical trial site by the Relevant Regulatory Authorities or other applicable authorities resulting in the imposition of a clinical hold, unforeseen safety issues or adverse side effects, including those relating to the class to which our products and product candidates belong, failure to demonstrate a benefit from using the product or product candidate, changes in governmental regulations or administrative actions or lack of adequate funding to continue the clinical trial.
If we experience delays in the completion of, or termination of, any clinical trial of our products or product candidates, the costs of our clinical trials may increase, the commercial prospects of our products and product candidates may be harmed, and our ability to generate product revenues from any of these products and product candidates will be delayed. Significant clinical trial delays could also allow our competitors to bring products to market before we do or shorten any periods during which we have the exclusive right to commercialize our products and product candidates.
Moreover, we must obtain separate regulatory approvals in each jurisdiction where we want to market and approval by one regulatory authority does not ensure approval by any other regulatory authority. As approval procedures can vary among countries and may change over time, this can require additional clinical testing and the time required to obtain approval may differ. We can provide no assurances that such approval will be obtained on the timeline that we expect or at all. In addition, we anticipate to submit applications for approval of VYVGART in new indications, but can provide no assurances that such applications will be accepted or that we will receive approval on our anticipated timeline, or at all.
If VYVGART or any new formulations of VYVGART are not approved in one or more jurisdictions including beyond the VYVGART Approved Countries, or if such approvals are significantly delayed, it could have a material adverse effect on our business. It is possible that none of our other existing product candidates or any product candidates we may seek to develop in the future will ever obtain regulatory approval in any other jurisdiction or indication.
Further, Relevant Regulatory Authorities may impose extensive and ongoing unique regulatory requirements. For example, they:
- may withdraw an approval or revoke a license;
- may refuse to grant approval, or may require additional data before granting approval, notwithstanding that approval may have been granted by another comparable foreign authority;
- may approve a product candidate for fewer or more limited indications or patient sub-segments than requested; or
- may grant approval contingent on the performance of costly post-marketing clinical trials, including Phase 4 clinical trials, and surveillance to monitor the safety and efficacy of the product candidate; or
- may approve a product candidate with a label that does not include the labeling claims necessary or desirable for the successful commercialization of that product candidate.
The costs of compliance with all Relevant Regulatory Authorities and applicable authorities regulations, requirements or guidelines could be substantial, and failure to comply could result in sanctions, including fines, injunctions, civil penalties, denial of applications for marketing authorization of our products, delays, suspension or withdrawal of approvals, license revocation, seizures or recalls of products, operating restrictions and criminal prosecutions, any of which could significantly increase our and/or our collaborative partners’ costs or delay the development and commercialization of our product candidates. At this time, we cannot guarantee or know the exact nature, precise timing and detailed costs of the efforts that will be necessary to complete the remainder of the development of our research programs and product candidates.
We are subject to privacy laws, regulation and potential enforcement. Our failure to comply with these laws could harm our results, operations and/or financial conditions.
Privacy laws, regulation and potential enforcement are particularly relevant to our business as we collect, store and process patient data, including sensitive health data as well as human biological samples such as blood or tissue, in the context of our clinical development activities, post-marketing approval monitoring obligations, and associated activities. We also collaborate on a regular basis with third parties where we may seek to use data collected by third parties on our or their behalf, or we may seek to share data collected by us with such third parties to further our research or commercial initiatives.
The GDPR imposes a broad range of strict requirements on companies, including with respect to cross-border transfers of personal data. The GDPR allows the imposition of substantial penalties in the event of non-compliance, including fines of up to €10 million or up to 2% of total worldwide annual turnover of the preceding fiscal year for certain comparatively minor offenses, or up to €20 million or up to 4% of total worldwide annual turnover if the preceding fiscal year for more serious offenses. We face uncertainty as to the exact interpretation of the requirements under the GDPR, and we may be unsuccessful in implementing all measures required by data protection authorities or courts in interpretation of the GDPR.
In addition, national laws of EU Member States may partially deviate from the GDPR and impose different obligations from country to country, so that we do not operate in a uniform legal landscape in the EU. Also, in the field of handling genetic data, the GDPR specifically allows EU Member States’ laws to impose additional and more specific requirements or restrictions, and European national laws have historically differed quite substantially in this field, leading to additional uncertainty.
Following its departure from the EU, the UK has maintained in force substantially equivalent provisions to the GDPR (UK GDPR). The UK Government has recently announced reforms to the regime. Similar concerns as those described above apply to our compliance with the UK GDPR and other UK data protection rules.
Privacy laws continue to evolve and expand in Europe. For example, Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 (as amended, the e-Privacy Directive) required the EU Member States to implement laws to meet strict privacy requirements related to electronic communications, cookies and online monitoring, and other digital privacy. Violations of these requirements can result in administrative measures, including fines, or criminal sanctions. The EU is in the process of developing a new e-Privacy Regulation to replace the e-Privacy Directive, and the new e-Privacy Regulation may impose additional obligations and risk for our business.
Beyond the EU and UK, privacy and data protection laws and regulations continue to develop and expand around the world, including in other jurisdictions in which we operate, such as the U.S., Japan, and Canada. Such laws and regulations impose increasing restrictions and obligations on the processing of personal data, including sensitive personal data such as genetic data. For example, in the U.S., the federal Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, imposes specific requirements relating to the privacy, security, and transmission of individually identifiable health information and new state privacy laws, such as the California Consumer Privacy Act of 2018 (CCPA) and the Washington My Health My Data Act of 2023, impose obligations on covered businesses, including, but not limited to, providing specific disclosures in privacy notices and affording residents certain rights related to their personal data. Additionally, effective as of January 1, 2023, the California Privacy Rights Act of 2020 (CPRA) imposes additional obligations on companies covered by the legislation and will significantly modify the CCPA, including by expanding consumers’ rights with respect to certain sensitive personal information. The CPRA also creates a new state agency that will be vested with authority to implement and enforce the CCPA and the CPRA. Furthermore, in the U.S., similar laws were enacted in certain states and proposed in numerous others. The effects of the CCPA and the CPRA are potentially significant and may require us to modify our data collection or processing practices and policies and to incur substantial costs and expenses in an effort to comply and increase our potential exposure to regulatory enforcement and/or litigation. If we are investigated by a data protection authority, we may face fines and other penalties. Any such investigation or charges by such data protection authorities could have a negative effect on our existing business and on our ability to attract and retain new clients or pharmaceutical partners. We may also experience hesitancy, reluctance, or refusal by clients or pharmaceutical partners to continue to use our products and solutions due to the potential risk exposure as a result of the current (and, in particular, future) data protection obligations imposed on them by certain data protection authorities in interpretation of current law. Such clients or pharmaceutical partners may also view any alternative approaches to compliance as being too costly, too burdensome, too legally uncertain, or otherwise objectionable and therefore decide not to do business with us. Any of the foregoing could harm our business, prospects, financial condition and results of operations.
Failure to comply with anti-corruption laws and regulations, anti-money laundering laws and regulations, economic sanctions and/or export control regulations and other laws governing our operations such as in relation to sustainability could have an adverse impact on our business.
We are or may become subject to various laws and regulations regarding anti-corruption, anti-money laundering, economic sanctions, investment restrictions, anti-fraud and export control regulations issued by multiple jurisdiction. These include the UK Bribery Act 2010 and the U.S. Foreign Corrupt Practices Act of 1977, as amended, which prohibits, among other things, payments, offers, or promises made for the purpose of improperly influencing any act or decision of a foreign official. The nature of our business means that we engage in significant interactions with foreign officials. We are also subject to economic sanctions and export control rules and regulations imposed by, amongst others, the U.S. Department of the Treasury’s Office of Foreign Assets Control, other agencies of the U.S. government, HM Treasury and other agencies of the UK government, the EU, and the United Nations. Any change in export or import regulations, economic sanctions regulations or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could decrease our ability to manufacture, import, export or sell our products internationally. Any limitation on our ability to manufacture, import, export or sell our products could adversely affect our business.
We have mechanisms in place to ensure compliance with such rules and regulations. However, there can be no assurance that our policies and procedures will be followed at all times or will effectively detect and/or prevent violations of applicable compliance regimes by our employees, consultants, sub-contractors, agents and partners. As a result, in the event of non-compliance, we could be subject to substantial civil or criminal penalties, including economic sanctions against us, incarceration for responsible employees and managers, the possible loss of export or import privileges, reputational harm, and resulting loss of revenue and profits, which could have a material adverse impact on our business, financial conditions and operations.
Moreover, a growing number of investors, regulators, self-regulatory organizations and other stakeholders have expressed an interest in setting Environmental, Social and Governance (ESG) goals and requiring the provision of new and more robust disclosure of steps taken to implement such goals. The related legislative landscape in the EU has been evolving accordingly. For example, on January 5, 2023, Directive (EU) 2022/2464 of the European Parliament and of the Council of December 14, 2022 amending Regulation (EU) No 537/2014, Directive 2004/109/EC, Directive 2006/43/EC and Directive 2013/34/EU, as regards corporate sustainability reporting (CSRD) came into force. This new directive strengthens the rules on the social and environmental information that companies must report. It expands the scope of companies required to report ESG information and increases the depth of required disclosures. The CSRD also introduces a ‘double materiality’ analysis, which requires companies to report on how sustainability issues might create financial risks for the company and on the company’s own impacts on people and the environment. The CSRD applies to large EU companies, EU parent companies of a “large group” and listed EU small or medium-sized companies. It also applies to non-EU companies that meet certain criteria, including an EU turnover threshold and an EU branch or subsidiary. The specific information to be reported is set out in the European Sustainability Reporting Standards (ESRS). Companies subject to the CSRD will have to comply with the reporting requirements on a staggered basis depending on their category. For listed companies that qualify as large EU companies and which are already obliged to publish a non-financial statement, a mandatory sustainability report in accordance with the ESRS will be required for financial years starting on or after January 1, 2024. This means that in 2025, we will have to publish for the first time a sustainability report complying with requirements under the CSRD integrated in our annual report for the financial year 2024. The Dutch government is in the process of implementing the CSRD into Dutch legislation.
This means that in 2025, we will have to publish our first CSRD report covering the prescribed ESG information for the financial year 2024. The Dutch government is in the process of implementing the CSRD into Dutch legislation. In July 2023, a Dutch draft bill to implement certain elements of the CSRD (including the requirements for assurance of CSRD reports and applicability to listed companies) was published and submitted for public consultation, which consultation period ended in September 2023. Additionally, in November 2023, a Dutch draft decree implementing certain elements of the CSRD (including the CSRD disclosure obligations for in-scope companies, assurance rules and implementation timelines) was published and submitted for public consultation, which consultation period ended in December 2023. The Dutch government will need to progress the parliamentary debate and adoption of the aforementioned draft bill and decree in the near future given that the ultimate date for implementation of the CSRD within EU member states at a local level is July 6, 2024.
Similarly, the SEC adopted on March 6, 2024 final rules aimed at enhancing and standardizing climate-related disclosures relating to climate-related risks, Scope 1 and Scope 2 greenhouse gas emissions and climate-related financial metrics (SEC Climate Rules). As an foreign private issuer and large accelerated filer, we will need to begin complying with the disclosure requirements of the SEC Climate Rules in our Form 20-F for the fiscal year ending December 31, 2025, which will include quantitative and qualitative climate-related disclosures.
In response to new ESG initiatives and regulations we may voluntarily elect, or be required, to adopt strategies, policies, or procedures related to ESG matters. Reporting on ESG goals and objectives, including pursuant to the SEC Climate Rules, may cause us to expend significant capital and human resources, and could divert management’s attention from central operational matters. Reports could also lead to the disclosure of information that which may have a negative impact on our operations and reputation which may lead to additional exposure. Failure to accurately comply with any ESG reporting obligations may result in enforcement actions, sanctions, reputational harm or private litigation.
We may become exposed to liability and substantial expenses in connection with environmental compliance or remediation activities.
Our operations, including our research, development, testing and third-party manufacturing activities, are subject to numerous environmental, health and safety laws and regulations and for which we may become liable.
If we or one of our contract manufacturing organizations (CMOs) or third-party distributors, manufacturers, licensees or co-marketers fail to comply with such laws and regulations, such failure could result in substantial fines, penalties or other sanctions which could also bring significant reputational loss to our business.
We face a risk of environmental liability inherent in our current and historical activities, including liability relating to releases of our exposure to hazardous or biological materials. Furthermore, environmental, health and safety laws and regulations are becoming more stringent. Both us and our CMOs may be required to incur substantial expenses in connection with future environmental compliance or remediation activities, in which case, our production and development efforts may be interrupted or delayed, and our financial condition and results of operations may be materially adversely affected.