Washington D.C. 20549
Report of Foreign Issuer
Pursuant to Rule 13a-16 or 15d-16 of
the Securities Exchange Act of 1934
For period ending 12 March 2019
GlaxoSmithKline plc
(Name of registrant)
980 Great West Road, Brentford, Middlesex, TW8 9GS
(Address of principal executive offices)
Indicate by check mark whether the registrant files or
will file annual reports under cover Form 20-F or Form 40-F
Form 20-F x     Form 40-F
Indicate by check mark whether the registrant by furnishing the
information contained in this Form is also thereby furnishing the
information to the Commission pursuant to Rule 12g3-2(b) under the
Securities Exchange Act of 1934.
Yes      No x
 GlaxoSmithKline plc
(the 'Company')
Publication of 2018 Annual Report
The Company will today publish on its website the Annual Report for the year ended 31 December 2018 (the '2018 Annual Report').
A hard copy version of the following documents will be sent to those shareholders who have elected to receive paper communications on or about 2 April 2019:
-     2018 Annual Report
-     2018 Annual Summary (the '2018 Summary')
-     2019 Notice of Annual General Meeting
Shareholders who have not elected to receive paper communications will be sent the 2018 Summary notifying them of the availability of these documents on the Company's website.
In compliance with Listing Rule 9.6.1R of the UK Financial Conduct Authority ('FCA'), the aforementioned documents will be submitted to the UK Listing Authority and will be available for public inspection at the National Storage Mechanism (NSM)
The information included in the unaudited preliminary results announcement released on 6 February 2019, together with the information in the Appendices to this announcement which is extracted from the 2018 Annual Report, constitute the materials required by the FCA's Disclosure Guidance and Transparency Rule 6.3.5R. This announcement is not a substitute for reading the 2018 Annual Report in full. Page and note references in the Appendices below refer to page and note references in the 2018 Annual Report.
V A Whyte
Company Secretary
12 March 2019
Cautionary statement regarding forward-looking statements
GSK cautions investors that any forward-looking statements or projections made by GSK, including those made in this announcement, are subject to risks and uncertainties that may cause actual results to differ materially from those projected. Such factors include, but are not limited to, those set out in Appendix A of this announcement.
Brand names
Brand names appearing in italics throughout this announcement are trademarks either owned by and/or licensed to GlaxoSmithKline or associated companies.
Principal risks and uncertainties
The principal risks discussed below are the risks and uncertainties relevant to our business, financial condition and results of operations that may affect our performance and ability to achieve our objectives. The risks below are those that we believe could cause our actual results to differ materially from expected and historical results. During 2018 we have evolved the cycle of management of these risks which helps us Identify, manage and report on our most important risks in a proportionate and consistent way.
We must adapt to and comply with a broad range of laws and regulations which apply to research and development, manufacturing, testing, approval, distribution, sales and marketing of Pharmaceutical, Vaccine and Consumer Healthcare products. These affect not only the cost of product development but also the time required to reach the market and the likelihood of doing so successfully on a continuous basis.
Also, during 2018 we have improved consistency of risk management across the organisation through evolution of our enterprise risk management and reporting cycle.
As rules and regulations change, and governmental interpretation evolves, the nature of a particular risk may change. Changes to certain regulatory regimes may be substantial. Any change in, and any failure to comply with, applicable law and regulations could materially and adversely affect our financial results.
Similarly, our global business exposes us to litigation and government investigations, including but not limited to product liability litigation, patent and antitrust litigation and sales and marketing litigation. Litigation and government investigations, including related provisions we may make for unfavourable outcomes and increases in related costs such as insurance premiums, could materially and adversely affect our financial results.
More detail on the status and various uncertainties involved in our significant unresolved disputes and potential litigation is set out in Note 45, 'Legal proceedings,' on pages 215 to 218.
UK regulations require a discussion of the mitigating activities a company takes to address principal risks and uncertainties. A summary of the activities that the Group takes to manage each of our principal risks accompanies the description of each principal risk below. The principal risks and uncertainties are not listed in order of significance.
Patient safety
Risk definition
Failure to appropriately collect, review, follow up, or report human safety information (HSI), including adverse events from all potential sources, and to act on any relevant findings in a timely manner.
Risk impact
The risk impact has the potential to compromise our ability to conduct robust safety signal detection and interpretation and to ensure that appropriate decisions are taken with respect to the risk/ benefit profile of our products, including the completeness and accuracy of product labels and the pursuit of additional studies/ analyses, as appropriate. This could lead to potential harm to patients, reputational damage, product liability claims or other litigation, governmental investigation, regulatory action such as fines, penalties or loss of product authorisation.
Pre-clinical and clinical trials are conducted during the development of investigational Pharmaceutical, Vaccine and Consumer Healthcare products to determine the safety and efficacy of the products for use by humans. Notwithstanding the efforts we make to determine the safety of our products through appropriate pre-clinical and clinical trials, unanticipated side effects may become evident only when products are widely introduced into the marketplace. Questions about the safety of our products may be raised not only by our ongoing safety surveillance and post-marketing studies but also by governmental agencies and third parties that may analyse publicly available clinical trial results. Constant vigilance and flexibility is required in order to respond to a varied regulatory environment which continues to evolve and diverge globally.
The Group is currently a defendant in a number of product liability lawsuits, including class actions, that involve significant claims for damages related to our products. Litigation, particularly in the US, is inherently unpredictable. Class actions that seek to sweep together all persons who take our products increase the potential liability. Claims for pain and suffering and punitive damages are frequently asserted in product liability actions and, if allowed, can represent potentially open-ended exposure and thus, could materially and adversely affect the Group's financial results.
Mitigating activities
The Chief Medical Officer (CMO), who is also the Medical Officer for Pharmaceuticals, is responsible for medical governance under a global policy. Under that policy, safeguarding human subjects in our clinical trials and patients who take our products is of paramount importance, and the CMO has the authoritative role for evaluating and addressing matters of human safety.
Individual Medical Officers within the Pharmaceutical, Vaccines and Consumer Healthcare businesses and our substantial Safety and Pharmacovigilance organisation keep track of any adverse issues reported for our products during the course of clinical studies. Once a Group product is approved for marketing, we have an extensive post-marketing surveillance and signal detection system. Information on possible side effects of products is received from several sources including unsolicited reports from healthcare professionals (HCPs) and patients, regulatory authorities, medical and scientific literature, traditional media and social media. It is our policy that employees are required to report immediately any issues relating to the safety or quality of our products. Each of our country managers is responsible for monitoring, exception tracking and training that helps assure the collection of safety information and reporting the information to the relevant central safety department, in accordance with policy and legal requirements.
Information that changes the risk/benefit profile of one of our products will result in certain actions to characterise, communicate and minimise the risk. Proposed actions are discussed with regulatory authorities and can include modifying the prescribing information, communications to physicians and other healthcare providers, restrictions on product prescribing/availability to help assure safe use, and sometimes carrying out further clinical trials. In certain cases, it may be appropriate to stop clinical trials or to withdraw the medicine from the market.
Our Global Safety Board (GSB), comprising senior physicians and representatives of supporting functions, is an integral component of the system. The GSB (including subsidiary boards dedicated to Consumer Healthcare products and Vaccines) reviews the safety of investigational and our marketed
products and has the authority to stop a clinical trial if continued conduct of such trial is not ethically or scientifically justified in light of information that has emerged since the start of the trial.
In addition to the medical governance framework as described above, we use several mechanisms to foster the early evaluation, mitigation and resolution of disputes as they arise, and of potential claims even before they occur. The goal of the programmes is to create a culture of early identification and evaluation of risks and claims (actual or potential) that remains strong through organisational andregulatory change, in order to minimise liability and litigation.
Product quality
Risk definition
Failure to comply with current Good Manufacturing Practices (cGMP) or inadequate controls and governance of quality in the supply chain covering supplier standards, manufacturing and distribution of products.
Risk impact
A failure to ensure product quality could have far reaching implications in terms of patient and consumer safety resulting in product launch delays, supply interruptions and product recalls. This would have the potential to do damage to our reputation, as well as result in other regulatory, legal and financial consequences.
Patients, consumers and HCPs trust the quality of our products. Product quality may be influenced by many factors including product and process understanding, consistency of manufacturing components, compliance with GMP, accuracy of labelling, reliability of the external supply chain, and the embodiment of an overarching quality culture. The internal and external environment continues to evolve as new products and new legislation are introduced. Critically, we are addressing the impact of Brexit on our supply chain management and quality oversight between the UK and the EU and are developing and deploying appropriate contingency plans to avoid interruption of supply to patients.
Mitigating activities
An extensive global network of quality and compliance professionals is aligned with each business unit to provide oversight and assist with the delivery of quality performance and operational compliance, from site level to senior management level. Management oversight of those activities is accomplished through a hierarchy of Quality Councils and through an independent Chief Product Quality Officer and Global Product Quality Office.
We have developed and implemented a single Quality Management System that defines the quality standards and systems for our businesses associated with Pharmaceuticals, Vaccines and Consumer Healthcare products and clinical trial materials. This system has a broad scope and is applicable throughout the product lifecycle from R&D to mature commercial supply.
There is no single external quality standard or system that governs the detailed global regulatory expectations for the quality of medicinal products. Requirements are often complex and fragmented across national and regional boundaries. We have therefore adopted the internationally recognised principles from the 'ICH Q10: Pharmaceutical Quality Systems' framework as the basis for the GSK Quality Management System.
This is an industry standard which incorporates quality concepts throughout the product lifecycle. The GSK Quality Management System is augmented by a consolidation of the numerous regulatory requirements defined by markets across the world, which assures that it meets external expectations for product quality in the markets supplied. The Quality Management System is routinely updated to ensure that it keeps pace with the evolving external regulatory environment and with new scientific understanding of our products and processes. As part of our drive to continually improve the operational deployment of our Quality Management System, we are making our policies and procedures simpler to understand and implement, as well as adopting innovative tools to give a more user-friendly experience.
We provide the Corporate Executive Team & Risk Oversight and Compliance Council with an integrated assessment of Regulated Quality (GxP) performance. The defined key performance indicators cover manufacturing practice, clinical practice, pharmacovigilance practice, regulatory practice, drug safety assessment, and animal welfare.
We have implemented a risk-based approach to assessing and managing third party suppliers that provide materials which are used in finished products. Contract manufacturers making our products are expected to comply with GSK standards and are regularly audited to provide assurance that standardsare met.
All staff members are regularly trained to ensure that cGMP standards and behaviours based on our values and expectations are followed. Additionally, advocacy and communication programmes are routinely deployed to ensure consistent messages are conveyed across the organisation, whether they originate from changes in regulation, learnings from inspections, or regulatory submissions. There is a continued emphasis on the value of quality performance metrics to facilitate improvement and foster a culture of 'right first time'.
Financial controls and reporting
Risk definition
Failure to comply with current tax laws or incurring significant losses due to treasury activities; failure to report accurate financial information in compliance with accounting standards and applicable legislation.
Risk impact
Non-compliance with existing or new financial reporting and disclosure requirements, or changes to the recognition of income and expenses, could expose us to litigation and regulatory action and could materially and adversely affect our financial results. Changes in tax laws or in their application with respect to matters such as transfer pricing, foreign dividends, controlled companies, R&D tax credits, taxation of intellectual property or a restriction in tax relief allowed on the interest on debt funding, could impact our effective tax rate. Significant losses may arise from inconsistent application of treasury policies, transactional or settlement errors, or counterparty defaults.
Any changes in the substance or application of the governing tax laws, failure to comply with such tax laws or significant losses due to treasury activities could materially and adversely affect our financial results.
The Group is required by the laws of various jurisdictions to disclose publicly its financial results and events that could materially affect the financial results of the Group. Regulators routinely review the financial statements of listed companies for compliance with new, revised or existing accounting and regulatory requirements. The Group believes that it complies with the appropriate regulatory requirements concerning our financial statements and disclosure of material information including any transactions relating to business restructuring such as acquisitions and divestitures. However, should we be subject to an investigation into potential non-compliance with accounting and disclosure requirements, this may lead to restatements of previously reported results and significant penalties.
Our Treasury group deals in high value transactions, mostly foreign exchange and cash management transactions, on a daily basis. These transactions involve market volatility and counterparty risk.
The Group's effective tax rate reflects rates of tax in the jurisdictions in which the Group operates that are both higher and lower than the UK rate and takes into account regimes that encourage innovation and investment in science by providing tax incentives which, if changed, could affect the Group's tax rate. In addition, the worldwide nature of our operations means that our intellectual property, R&D and manufacturing operations are centered in a number of key locations. A consequence of this is that our cross-border supply routes, necessary to ensure supplies of medicines into numerous end markets, can be complex and result in conflicting claims from tax authorities as to the profits to be taxed in
individual countries. Tax legislation itself is also complex and differs across the countries in which we operate. As such, tax risk can also arise due to differences in the interpretation of such legislation. The tax charge included in our financial statements is our best estimate of tax liability pending audits by tax authorities.
We expect there to be continued focus on tax reform in 2019 and future years driven by initiatives of the Organisation for Economic Cooperation & Development to address the taxation of the digital economy and European Commission initiatives including the use of fiscal state aid investigations. Together with domestic initiatives around the world, these may result in significant changes to established tax principles and an increase in tax authority disputes. These, regardless of their merit or outcomes, can be costly, divert management attention and may adversely impact our reputation and relationship with key stakeholders.
Mitigating activities
Financial results are reviewed and approved by regional management and then reviewed with the Financial Controller and the Chief Financial Officer (CFO). This allows our Financial Controller and our CFO to assess the evolution of the business over time, and to evaluate performance to plan. Significant judgments are reviewed and confirmed by senior management. Business re-organisations and newly acquired activities are integrated into risk assessments and appropriate controls and reviews are applied.
Counterparty exposure is subject to defined limits approved by the Board for both credit rating and individual counterparties. Oversight of Treasury's role in managing counterparty risk in line with agreed policy is performed by a Corporate Compliance Officer, who operates independently of Treasury. Further details on mitigation of Treasury risks can be found on pages 198 to 200, Note 42, 'Financial instruments and related disclosures'.
We maintain a control environment designed to identify material errors in financial reporting and disclosure. The design and operating effectiveness of key financial reporting controls are regularly tested by management and via Independent Business Monitoring. This provides us with the assurance that controls over key financial reporting and disclosure processes have operated effectively. A minimum standard control set has been implemented, whereby all Finance activities, are required to apply and ensure they are monitored. Our Global Finance Risk Management and Controls Centre of Excellence provides extra support to large Group organisations undergoing transformation such as system deployment or significant business and finance transformations. We have also added operational resources to ensure processes and controls are maintained during business transformation, the upgrade of our financial systems and processes. Additional risk mitigation has been introduced by amending the programme timelines of system upgrades to optimise delivery.
The Disclosure Committee reporting to the Board, reviews the Group's quarterly results and Annual Report and determines throughout the year, in consultation with its legal advisors, whether it is necessary to disclose publicly information about the Group through Stock Exchange announcements. The Treasury Management Group meets on a regular basis to seek to ensure that liquidity, interest rate, counterparty, foreign currency transaction and foreign currency translation risks are all managed in line with the conservative approach as detailed in the associated risk strategies and policies which have been adopted by the Board.
Tax risk is managed through robust internal policies, processes, training and compliance programmes to ensure we have alignment across our business and meet our tax obligations. We seek to maintain open, positive relationships with governments and tax authorities worldwide and we welcome
constructive debate on taxation policy. We monitor government debate on tax policy in our key jurisdictions to deal proactively with any potential future changes in tax law. We engage advisors and legal counsel to confirm the implications for our business of tax legislation such as the recently enacted US Tax Cuts and Jobs Act. Where appropriate, we are active in providing relevant business input to tax policy makers. Significant decisions are submitted for consideration to the Tax Governance Board which meets quarterly and comprises senior personnel from across GSK's Finance division.
Our tax affairs are managed on a global basis through a co-ordinated team of tax professionals led by the Global Head of Tax who works closely with the business. Our tax professionals are suitably qualified for the roles they perform, and we support their training needs in order that they continue to be able to provide up to date technical advice. We submit tax returns according to statutory time limits and engage with tax authorities to seek to ensure our tax affairs are current, entering arrangements such as Continuous Audit Programmes and Advance Pricing Agreements where appropriate. These agreements provide long-term certainty for both tax authorities and for us over the tax treatment of our business. In exceptional cases where matters cannot be settled by agreement with tax authorities, we may have to resolve disputes through formal appeals or other proceedings.
We keep up-to-date with the latest developments in financial reporting requirements by working with our external auditors and legal advisors.
Anti-bribery and corruption (ABAC)
Risk definition
Failure of GSK employees, consultants and third parties to comply with our Anti-bribery & corruption (ABAC) principles and standards, as well as with all applicable legislation.
Risk impact
Failure to mitigate this risk could expose the Group and associated persons to governmental investigation, regulatory action, and civil and criminal liability and may compromise the Group's ability to supply its products under certain government contracts. In addition to legal and financial penalties, a failure to prevent bribery through complying with ABAC legislation and regulations could have substantial implications for the reputation of the company, the credibility of senior leaders, and an erosion of investor confidence in our governance and risk management.
We are exposed to bribery and corruption risk through our global business operations. In some markets, the government structure and the rule of law are less developed, and this has a bearing on our bribery and corruption risk exposure. In addition to the global nature of our business, the healthcare sector by its very nature maintains relationships with government bodies, is highly competitive and subject to regulation. This increases the instances where we are exposed to bribery and corruption risk.
The Group has been subject to a number of ABAC inquiries. We reached a resolution with the US authorities in 2016 regarding their ABAC inquiry, following which we were subject to a self-monitoring arrangement. The self-monitorship concluded in September 2018. Government investigations regarding our China and other business operations are ongoing. These investigations are discussed further in Note 45, 'Legal proceedings'.
Mitigating activities
Programme governance is provided through Enterprise Risk Management overseen by the ABAC Governance Board which includes representation from key functional areas and the business. We have a dedicated ABAC team responsible for the implementation and evolution of the programme in response to developments in the internal and external environment. This is complemented with independent oversight and assurance undertaken by the Audit & Assurance and Independent Business Monitoring teams.
We have an enterprise-wide ABAC programme designed to ensure compliance with our ABAC policies and mitigate the risk of bribery and corruption. It builds on our business standards, values and expectations to form a comprehensive and practical approach to compliance and is flexible to the evolving nature of our business.
Our Code of Conduct, values and expectations, and commitment to zero tolerance are integral to how we mitigate this risk. In light of the complexity and geographic breadth of this risk, we constantly evolve our oversight of activities and data, reinforce to our workforce clear expectations regarding acceptable behaviours, and maintain regular communications between the centre and local markets.
Our ABAC programme is built on best in class principles and is subject to ongoing review and development. It provides us with the basis from which we seek to manage the risk from top down and bottom up. For example, the programme comprises top-level commitment from the Board of Directors and leadership, a global risk assessment and key risk indicators to enable targeted intervention and risk management activities. The programme is underpinned by a global ABAC policy and written standards that address commercial and other practices that give rise to ABAC risk and ongoing communications. We provide mandatory periodic ABAC training to our staff and relevant third parties
in accordance with their roles, responsibilities and the risks they face. In addition, the programme mandates enhanced controls over interactions with government officials and during business development transactions.
We continually benchmark our ABAC programme against other large multinational companies and use external expertise and internal insights to drive improvements in the programme.
Commercial practices
Risk definition
Failure to engage in commercial activities that are consistent with the letter and spirit of the law, industry,or the Group's requirements relating to marketing and communications about our medicines and associated therapeutic areas; appropriate interactions with healthcare professionals (HCPs) and patients; and legitimate and transparent transfer of value.
Risk impact
Failure to manage risks related to commercial practices could materially and adversely affect our ability to grow a diversified global business and deliver more products of value for patients and consumers.Failure to comply with applicable laws, rules and regulations may result in governmental investigation,regulatory action and legal proceedings brought against the Group by governmental and private plaintiffs which could result in government sanctions, and criminal and/or financial penalties. Failure to provide accurate and complete information related to our products may result in incomplete awareness of the risk/benefit profile of our products and possibly suboptimal treatment of patients and consumers.
Any practices that are found to be misaligned with our values could also result in reputational harm and dilute trust established with external stakeholders.
We operate on a global basis in an industry that is both highly competitive and highly regulated. Our competitors may make significant product innovations and technical advances and may intensify price competition. In light of this competitive environment, continued development of commercially viable new products and the development of additional uses for existing products that reflect insights which help ensure those products address the needs of patients/consumers, HCPs, and payers are critical to achieve our strategic objectives.
As other pharmaceutical, vaccine and consumer companies, we face downward price pressure in major markets, declining emerging market growth, and negative foreign exchange impact.
Developing new Pharmaceutical, Vaccine and Consumer Healthcare products is a costly, lengthy and an uncertain process. A product candidate may fail at any stage, including after significant economic and human resources have been invested. Our competitors' products or pricing strategies, or any failure on our part to develop commercially successful products, or to develop additional uses for existing products, could materially and adversely affect our ability to achieve our strategic objectives.
We are committed to the ethical and responsible commercialisation of our products to support our mission to improve the quality of human life by enabling people to do more, feel better, and live longer.To accomplish this mission, we engage the healthcare community in various ways to provide important information about our medicines. Promotion of approved products seeks to ensure that HCPs globally have access to information they need, that patients and consumers have access to the information and products they need and that products are prescribed, recommended or used in a manner that provides the maximum healthcare benefit to patients and consumers. We are committed to communicating information related to our approved products in a responsible, legal and ethical manner.
Mitigating activities
Our strategic objectives are designed to ensure we achieve our mission of helping people do more, feel better and live longer. We continue to strive for new product launches that are competitive and resourced effectively. We also strive to have a healthy proportion of the Group's sales ratio attributable to new product or innovation sales.
This innovation helps us defray the effect, for example, of downward price pressure in major markets, declining emerging market growth and negative foreign exchange impact. Establishing new products that are priced to balance expectations of patients and consumers, HCPs, payers, shareholders, and the community enables us to maintain a strong global business and remain relevant to the needs of patients and consumers. Our values and behaviours provide a guide for how we lead and make decisions. We constantly strive to do the right thing and deliver quality products and ensure supply is sustained to meet customer needs and demand requirements, seeking to ensure our actions reflect our values, behaviours and the mission of our company.
We have taken action to enhance and improve standards and procedures for customer and consumer engagement utilising the application of data analytics and e-commerce channels. We have policies and standards governing commercial activities undertaken by us or on our behalf. Training has been implemented to support the evolution of our activities to all relevant employees. All of these activities we conduct worldwide must conform to high ethical, regulatory, and industry standards. Where local standards differ from global standards, the more stringent of the two applies. We have harmonised policies and procedures to guide above-country commercial practice processes as well as clarified applicable standards for operations in the various markets in which we operate. Each business has adopted the Internal Control Framework to support the assessment and management of its risks. Commercial practices activities have appropriate monitoring programmes and oversight from both business unit Risk Management and Compliance Boards and Country Executive Boards that manage risks across in-country business activities. Where in the past we have fallen below our own or any other regulatory or industry standards, we have sought to improve both the framework and culture for our compliance processes.
All promotional materials and activities must be reviewed and approved according to our policies and standards, and conducted in accordance with local laws and regulations, to seek to ensure that these materials and activities fairly represent the products or services of the Group. When necessary, we have disciplined (up to and including termination) employees who have engaged in misconduct and have broadened our ability to claw back remuneration from senior management in the event of misconduct.
We have eliminated rewards based on individual sales or market share of prescription products for sales professionals and their managers who interact with HCPs in favour of rewards based on the quality of the individuals' interactions with HCPs.
In October 2018, we announced changes that allow fair market value payments to be made by GSK to expert practitioners to speak about our innovative medicines and vaccines in a limited number of countries during a restricted time period in a product's lifecycle. New controls and training have been implemented to support these changes while ensuring appropriate oversight and assurance across the markets. Under the new policy, we will expand our reporting of payments to individual HCPs as part of our commitment to transparency and responsible disclosure.
Risk definition
The failure to collect, secure, use and destroy personal information (PI) in accordance with applicable data privacy laws.
Risk impact
Non-compliance can lead to harm to individuals (e.g. financial loss, distress, prejudice) and GSK (e.g. fines, management time, operational inefficiency, out of pocket costs, and reputational damage). It can also damage trust between GSK and individuals, communities, business partners and government authorities.
The General Data Protection Regulation (GDPR) increased the enforcement powers of EU supervisory authorities, including by allowing them to impose fines of up to 4% of global revenue, and to require the suspension of processing PI in certain circumstances. GDPR also gives individuals the right to bring collective legal actions against GSK for failure to comply with data privacy laws.
Data Privacy laws are diverse, with limited harmonisation, despite Europe's adoption of GDPR. In many countries in which GSK operates, local data privacy laws govern how GSK can collect and use PI. It is challenging for multi-nationals to standardise their approach to compliance with data privacy laws due to the high-level of local variation. Governments are enforcing compliance with data privacy laws more rigorously. There is an increasing focus on the ethical use of PI, over and above compliance with data privacy laws, and individuals are increasingly aware of their rights under data privacy laws.
Mitigating activities
The Chief Compliance Officer is also the chairperson of the Privacy Governance Board (PGB), which oversees GSK's overall data privacy programme. Each business and function has appointed a Risk Owner who is accountable for the oversight of privacy risks associated with that business or functional area. They are supported by Privacy Leaders within their business or function. Additionally, in some countries data privacy laws require a Data Protection Officer (DPO) to be appointed. GSK has appointed a single DPO for the European Union, who is represented and supported in specific countries by Country Privacy Advisors. The Chief Compliance Officer is the Enterprise Risk Owner (ERO). The ERO has appointed a delegate risk owner, the Global Privacy Officer (GPO) who has accountability on a day-to-day basis for designing and implementing the control framework. The GPO co-leads the cross functional Privacy Centre of Excellence (CoE), together with the Global Privacy Counsel. They are supported by Privacy Officers and Privacy Counsel for each Region and multiple Country Privacy Advisors (who are familiar with local privacy regulations).
GSK has emphasised the importance of data privacy from an internal risk management perspective by separating Privacy as a new, standalone Enterprise Risk from the Information Security Enterprise Risk.It has created a Privacy Centre of Excellence in Global Ethics and Compliance, which has overseen: (i) the implementation of a control framework; (ii)remediation of certain existing business activities to ensure compliance with GDPR (including adopting privacy controls e.g. privacy contract terms, written records of processing activities, data protection impact assessments) and (iii) a comprehensive training programme to drive greater awareness and accountability for managing PI across the entire organisation. Key roles of the privacy network at GSK will be certified with an accredited international privacy association.
Through monitoring, we continuously improve our processes, such as issue identification, reporting and handling capabilities. We are developing a process to detect and assess new privacy regulations to proactively prepare and mitigate regulatory risk to GSK.
Research practices
Risk definition
Failure to adequately conduct ethical and sound preclinical and clinical research. In addition, failure to engage in scientific activities that are consistent with the letter and spirit of the law, industry, or the Group's requirements, and failure to secure adequate patent protection for GSK's products.
Risk impact
The impacts of the risk include harm to human subjects, reputational damage, failure to obtain the necessary regulatory approvals for our products, governmental investigation, legal proceedings brought against the Group by governmental and private plaintiffs (product liability suits and claims for damages),loss of revenue due to inadequate patent protection or inability to supply GSK products, and regulatory action such as fines, penalties, or loss of product authorisation. Any of these consequences could materially and adversely affect our financial results and cause loss of trust from our customers and patients.
Research relating to animals can raise ethical concerns. While we attempt to address this proactively,
animal studies remain a vital part of our research. In many cases, they are the only method that can be used to investigate the effects of a potential new medicine in a living body before it is studied in humans. Animal research can provide critical information about the causes of diseases and how they develop. Nonetheless, we are continually seeking ways in which we can minimise our use of animals in research, whilst complying with regulatory requirements.
Clinical trials in healthy volunteers and patients are used to assess and demonstrate an investigational product's efficacy and safety or further evaluate the product once it has been approved for marketing. We also work with human biological samples. These samples are fundamental to the discovery, development and safety monitoring of our products.
The integrity of our data is essential to success in all stages of the research data lifecycle: design, generation, recording and management, analysis, reporting, storage and retrieval. Our research data is governed by legislation and regulatory requirements. Research data and supporting documents are core components at various stages of pipeline progression decision-making and form the content of regulatory submissions, publications and patent filings. Poor data integrity can compromise our research efforts and negatively impact company reputation.
There are innate complexities and interdependencies required for regulatory filings, particularly given our global research and development footprint. Continually changing and increasingly stringent submission requirements continue to increase the complexity of worldwide product registration.
Scientific engagement (SE), defined as the interaction and exchange of information between GSK and external communities to advance scientific and medical understanding, including the appropriate development and use of our products, is an essential part of scientific discourse. Such non-promotional engagement with external stakeholder groups is vital to GSK's mission and necessary for scientific and medical advance. SE activities are essential but present legal, regulatory, and reputational risk if the sharing of data, invited media coverage or payments to HCPs have, or are perceived to have, promotional intent.
A wide variety of biological materials are used by GSK in discovery, research and development phases. Through the Convention on Biological Diversity (CBD) and the Nagoya Protocol, the international community has established a global framework regulating access to, and use of, genetic resources of non-human origin in Research and Development (R&D). We support the principles of access and benefit sharing to genetic resources as outlined in the CBD and the Nagoya Protocol, recognising the importance of appropriate, effective and proportionate implementation measures at national and regional levels.
Patent rights play an important role in providing GSK with a competitive advantage in the market. Any loss of patent protection in a market for GSK's products developed through our R&D, including reducing the availability or scope of patent rights, could materially and adversely affect our financial results in that market. Absence of adequate patent or data exclusivity protection, which could lead to, for example, competition from manufacturers of generic pharmaceutical products, could limit the opportunity to rely on such markets for future sales growth for our products, which could also materially and adversely impact our financial results. Following expiration of certain intellectual property rights, a generic manufacturer may lawfully produce a generic version of a product. Introduction of generic products typically leads to a rapid and dramatic loss of sales and reduces our revenues and margins for our proprietary products.
Mitigating activities
We have an established Office of Animal Welfare, Ethics and Strategy (OAWES), led by the Chief of Animal Welfare, Ethics and Strategy, that ensures the humane and responsible care of animals and the knowledge and application of non-animal alternatives. The OAWES provides a framework of animal welfare governance, promotesapplication of 3Rs (replacement, refinement and reduction of animals in research), conducts quality assessments and develops and deploys strategies on animal model reproducibility and translatability.
The Chief Medical Officer oversees the following enterprise Medical Governance Boards:
-         The Human Subject Research Board is in place to provide oversight for the human subject research sponsored and supported by us to ensure it conforms to ethical, medical and scientific standards
-         The Data Disclosure Board provides oversight for disclosure of our sponsored and supported human subject research. We make information available on our clinical studies, including summaries of the results - whether positive or negative. We were the first company to publish clinical study reports that form the basis of submissions to regulatory agencies and we have publicly posted more than 2,400 clinical study reports in addition to more than 6,400 study result summaries
-         Specific accountability and authorisation for SE is overseen by the Scientific Engagement and Promotional Practices Board. This Board is responsible for oversight of applicable policies and seeking to ensure the highest level of integrity and continuous development of SE
We have a Global Human Biological Samples Management (HBSM) governance framework in place to oversee the ethical and lawful acquisition and management of human biological samples. Our HBSM Enterprise Risk Management Team champions HBSM activities and provides an experienced group to support internal sample custodians regarding best practice.
It remains an important priority to enhance our data integrity controls. Data Integrity Committees are in place to provide oversight and Data Integrity Quality Assurance teams conduct assessments to provide independent business monitoring of our internal controls for R&D activities.
The Regulatory Governance Board serves as the global regulatory risk management and compliance board, promoting compliance with regulatory requirements and procedures, and oversees Group-wide written standards for cross business regulatory processes.
We established an Access and Benefit Sharing Centre of Excellence to oversee applicable requirements and enforcement measures for the acquisition and use of genetic material of non-human origin in scope of the Nagoya Protocol.
R&D maintains and controls pre-publication procedures to guard against public disclosure in advance of filing patent applications. In addition, because loss of patent protection can occur due to lack of data integrity in preparing patent application data and information, legal experts collaborate with R&D to support the review process for new patent applications.
The Research Practices risk is overseen by an Enterprise framework that seeks to ensure strengthened governance across the R&D businesses in Pharmaceuticals, Vaccines and Consumer Healthcare. Under the leadership of the Research Practices Enterprise Risk Owner, management of the risk takes a pragmatic approach to information sharing, streamlining risk identification and escalation, while ensuring ownership stays with the business.
Third party oversight (TPO)
Risk definition
Failure to maintain adequate governance and oversight over third party relationships and failure of third parties to meet their contractual, regulatory, confidentiality or other obligations.
Risk impact
Failure to adequately manage third party relationships could result in business disruption and exposure to risks ranging from sub-optimal contractual terms and conditions, to severe business and legal sanctions and/or significant reputational damage. Any of these consequences could materially and adversely affect our business operations and financial results.
Third parties are critical to our business delivery and are an integral part of the solution to meeting our business objectives. We rely on third parties, including suppliers, advisors, distributors, individual contractors, licensees, and other pharmaceutical and biotechnology collaboration partners for discovery, manufacture, and marketing of our products and for supporting other important business processes.
These business relationships present a material risk. For example, we share critical and sensitive information such as marketing plans, clinical data, and employee data with specific third parties who are conducting the relevant outsourced business activities. Inadequate protection or misuse of this information by third parties could have significant business impact. Similarly, we use distributors and agents in a range of activities such as promotion and tendering which have inherent risks such as inappropriate promotion or corruption. Insufficient internal compliance and controls by the distributors could affect our reputation. These risks are further increased by the complexities of working with large
numbers of third parties across a diverse geographical spread.
Mitigating activities
To guide and enforce our global principles for interactions with third parties we have a global policy framework applicable to buying goods and services, managing our external spend, paying and working with our third parties. This policy framework applies to all employees and complementary workers worldwide. The enterprise-wide TPO programme takes an enterprise-wide view of third party related risks to ensure compliance with our ABAC policies and additional risks such as Labour Rights, Health and Safety and Human Safety Information. It forms a comprehensive and practical approach to third party oversight that is flexible to the evolving nature of our business and the type of engagement being managed. The programme is managed through the Global Ethics and Compliance organisation and has been globally deployed. It has strengthened risk assessment, contractual terms and due diligence efforts on third parties and improved the overall management of our third party risks through the lifecycle of the third party engagement.
Programme governance is provided through Enterprise Risk Management overseen by the TPO Governance Board which includes representation from key functional areas and the business. We have a dedicated TPO team responsible for the implementation and evolution of the programme in response to developments in the internal and external environment.
Each business leadership team retains ultimate accountability for managing third party interactions and risks. When working with third parties, our employees are expected to manage external interactions and commitments responsibly. This expectation is embedded in our values and Code of Conduct. It is our responsibility that all activities carried out on our behalf are performed safely and in compliance with applicable laws and our values, expectations, standards and Code of Conduct (See ABAC report above).
Our programme is complemented with independent oversight and assurance undertaken by the Audit & Assurance and Independent Business Monitoring teams. We review the TPO programme against
other large multinational companies and use external expertise and internal insights to drive improvements in the programme.
Environment, health & safety and sustainability (EHS&S)
Risk definition
Failure to manage environment, health & safety and sustainability (EHS&S) risks in line with our objectives and policies and with relevant laws and regulations.
Risk impact
Failure to manage EHS&S risks could lead to significant harm to people, the environment and communities in which we operate, fines, failure to meet stakeholder expectations and regulatory requirements, litigation or regulatory action, and damage to the Group's reputation, which could materially and adversely affect our financial results.
We are subject to health, safety and environmental laws of various jurisdictions. These laws impose duties to protect people, the environment, and the communities in which we operate, as well as potential obligations to remediate contaminated sites. We have also been identified as a potentially responsible party under the US Comprehensive Environmental Response Compensation and Liability Act at a number of sites for remediation costs relating to our use or ownership of such sites in the US. Failure to manage these environmental risks properly could result in litigation, regulatory action and additional remedial costs that may materially and adversely affect our financial results. See Note 45 to the financial statements, 'Legal proceedings', for a discussion of the environmental related proceedings in which we are involved. We routinely accrue amounts related to our liabilities for such matters.
Mitigating activities
The Corporate Executive Team (CET) is responsible for EHS&S governance under a global policy. Under that policy, the CET seeks to ensure there is a control framework in place to manage the risks, impacts and legal compliance issues that relate to EHS&S and for assigning responsibility to senior managers for providing and maintaining those controls. Individual managers seek to ensure that the EHS&S control framework is effective and well implemented in their respective business area and that it is fully compliant with all applicable laws and regulations, adequately resourced, maintained, communicated, and monitored. Additionally, each employee is personally responsible for ensuring that all applicable local standard operating procedures are followed by them and expected to take responsibility for EHS&S matters.
Our risk-based, proactive approach is articulated in our Global EHS&S standard which supports our EHS&S policy and our objective to discover, develop, manufacture, supply and sell our products without harming people or the environment. In addition to the design and provision of safe facilities, plant and equipment, we operate rigorous procedures that help us eliminate hazards where practicable and protect employees' health and well-being.
Through our continuing efforts to improve environmental sustainability we have reduced our value chain carbon intensity per pack, water consumption and waste generation. We actively manage our environmental remediation obligations and seek to ensure practices are environmentally sustainable and compliant.
Information security
Risk definition
The risk to GSK business activities if information becomes disclosed to those not authorised to see it, or if information or systems fail to be available or are corrupted, typically because of cybersecurity threats, although accident or malicious insider-action may be contributory causes.
Risk impact
Failure to adequately protect critical and sensitive systems and information may result in loss of commercial or strategic advantage and could materially affect our ongoing business operations, such as scientific research, clinical trials and manufacturing and supply chain activities.
We rely on critical and sensitive systems and data, such as corporate strategic plans, intellectual property, manufacturing systems and trade secrets. There is the potential that our computer systems or information may be exposed to misuse or unauthorised disclosure.
We believe that the cyber security incidents that we have experienced to date have not resulted in significant disruptions to our operations and have not had a significant adverse effect on our results of operations, or on third parties. However, as the threats evolve we cannot provide assurance that our significant efforts in protecting and monitoring our systems and information will always be successful in preventing compromise or disruption in future. They increasingly involve highly-resourced threat actors such as nation-states and organised criminals. Combined with the size and complexity of our IT systems and those of our supply chain partners (including outsourced operations), this means that our systems and information have been, and are expected to continue to be, the subject of cyber-attacks of various types.
Mitigating activities
We have a global information protection policy and accompanying information technology standards and processes that are supported through a dedicated team and programme of activity. Our Information Protection function provides strategy, direction, and oversight, including active monitoring of cyber security, while enhancing our global information security capabilities, through an ongoing programme of investment that is in its sixth year.
We assess changes in our information protection risk environment through briefings by government agencies, subscription to commercial threat intelligence services and knowledge sharing with other pharmaceutical businesses and cross-industry bodies. Such changes are regularly reviewed by our Executive team and our Board and suitable adjustments agreed.
We aim to apply industry best practices as part of our information security policies, processes and technologies and invest in strategies that are commensurate with the changing nature of the security threat landscape. This will include suitable levels of cyber-risk insurance cover in future.
Supply continuity
Risk definition
Failure to deliver a continuous supply of compliant finished product; inability to respond effectively to a crisis incident in a timely manner to recover and sustain critical operations, including key supply chains.
Risk impact
We recognise that failure to supply our products can adversely impact consumers and patients who rely on them. A material interruption of supply or exclusion from healthcare programmes could expose us to litigation or regulatory action and financial penalties that could adversely affect the Group's financial results. The Group's international operations, and those of its partners, expose our workforce, facilities, operations and information technology to potential disruption from natural events (e.g. storm, earthquake), man-made events (e.g. civil unrest, terrorism), and global emergencies (e.g. Ebola outbreak, flu pandemic). It is important that we have robust crisis management and recovery plans in place to manage such events.
Our supply chain operations are subject to review and approval by various regulatory agencies that effectively provide our license to operate. Failure by our manufacturing and distribution facilities or by suppliers of key services and materials could lead to litigation or regulatory action such as product recalls and seizures, interruption of supply, delays in the approval of new products, and suspension of manufacturing operations pending resolution of manufacturing or logistics issues.
We rely on materials and services provided by third party suppliers to make our products, including active pharmaceutical ingredients (API), antigens, intermediates, commodities, and components for the manufacture and packaging of Pharmaceutical, Vaccine and Consumer Healthcare products. Some of the third party services procured, such as services provided by contract manufacturing and clinical research organisations to support development of key products, are important to ensure continuous operation of our business.
Although we undertake risk mitigation we recognise that certain events could nevertheless still result in delays or service interruptions. We use effective crisis management and business continuity planning to provide for the health and safety of our people and to minimise impact to us, by maintaining functional operations following a natural or man-made disaster, or a public health emergency.
Mitigating activities
Our supply chain model is designed to ensure the supply, quality and security of our products globally, as far as possible. Through the Supply Chain Governance Committees we closely monitor the inventory status and delivery of our products, with the aim of ensuring that customers have the Pharmaceutical, Vaccines and Consumer Healthcare products they need. Improved links between commercial forecasting and manufacturing made possible by our core commercial cycle should, over time, reduce the risk associated with demand fluctuations and any impact on our ability to supply or the cost of write offs where products exceed their expiry date. Each node of the supply chain is periodically reviewed to ensure adequate safety stock, while balancing working capital in our end-to-end supply chain. Particular attention is placed on mitigating supply risks associated with medically critical and high-revenue products.
We routinely monitor the compliance of manufacturing external suppliers to identify and manage risks in our supply base. Where practical, we minimise our dependence on single sources of supply for critical items. Where alternative sourcing arrangements are not possible, our inventory strategy aims to protect the supply chain from unanticipated disruption.
We continue to implement anti-counterfeit systems such as product serialisation in accordance with emerging supply chain requirements such as the EU Falsified Medicines Regulation around the world.
A corporate policy requires each business and functional area head to ensure effective crisis management and business continuity plans are in place that include authorised response and recovery strategies, key areas of responsibility and clear communication routes, before any business disruption occurs. Corporate Security supports the business by: coordinating crisis management and business continuity training; facilitating simulation exercises; assessing our preparedness and recovery capability;and providing assurance oversight of our central repository of plans supporting our critical business processes.
Each business performs risk oversight to assure adequate risk mitigation including identifying new and emerging threats. We have a coordinated approach to evaluate and manage the implications for our business arising from Brexit. Our approach to Brexit is set out on page 36.
These activities help ensure an appropriate level of readiness and response capability is maintained. We also develop and maintain partnerships with external bodies like the Business Continuity Institute and the UN International Strategy for Disaster Risk Reduction, which helps improve our business continuity initiatives in disaster-prone areas and supports the development of community resilience to disasters.
Directors' responsibility statement
Each of the current Directors, whose names and functions are listed below in the Corporate Governance section of the Annual Report 2018 confirms that, to the best of his or her knowledge:
-     the Group financial statements, which have been prepared in accordance with IFRS as adopted by the EU and IFRS as issued by the IASB, give a true and fair view of the assets, liabilities, financial position and profit of the Group; and
-     the Strategic report and risk sections of the Annual Report, which represent the management report, include a fair review of the development and performance of the business and the position of the Group, together with a description of the principal risks and uncertainties that it faces.
Sir Philip Hampton
Independent Non-Executive Chairman
Emma Walmsley
Chief Executive Officer
Dr Hal Barron
Chief Scientific Officer and President, R&D
Simon Dingemans
Iain Mackay
Chief Financial Officer
Chief Financial Officer Designate
Manvinder Singh (Vindi) Banga
Senior Independent Non-Executive Director
Dr Vivienne Cox
Independent Non-Executive Director and Workforce Engagement Director
Lynn Elsenhans
Independent Non-Executive Director
Dr Laurie Glimcher
Independent Non-Executive Director and Scientific & Medical Expert
Dr Jesse Goodman
Independent Non-Executive Director and Scientific & Medical Expert
Judy Lewent
Independent Non-Executive Director
Urs Rohner
Independent Non-Executive Director
Related party transactions
At 31 December 2018, GSK owned 32 million shares or 31.7% of Innoviva Inc. which is a biopharmaceutical company listed on NASDAQ. GSK began recognising Innoviva as an associate on 1 September 2015. The royalties due from GSK to Innoviva in the year were £209 million (2017 - £173 million). At 31 December 2018, the balance payable by GSK to Innoviva was £64 million (2017 - £53 million).
At 31 December 2018, GSK held a 50% interest in Japan Vaccine Co. Ltd (JVC) through its subsidiary GlaxoSmithKline K.K. This joint venture with Daiichi Sankyo Co., Ltd is primarily responsible for the development and marketing of certain prophylactic vaccines in Japan. During 2018, GSK sold £43 million (2017 - £41 million) of its vaccine products into the joint venture. At 31 December 2018, the trading balance due to GSK from JVC was £15 million (2017 - £11 million) and the balance payable by GSK to JVC was £nil (2017 - £nil).
Loans of £5 million to Medicxi Ventures I LP and £6 million to Index Ventures Life VI (Jersey) LP remained due to GSK at 31 December 2018. In 2018, GSK increased the equity investment in Kurma Biofund II, FCPR by £3 million, Apollo Therapeutics LLP by £2 million and Longwood Founders Fund LP by £0.2 million, and reduced a liability with Qura Therapeutics LLC by £3 million. As at 31 December 2018, the outstanding liability to Qura was £4 million.
The aggregate compensation of the Directors and CET is given in Note 9, 'Employee costs'.
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorised.

GlaxoSmithKline plc
Date: March 12, 2019 
Victoria Whyte
Authorised Signatory for and on
behalf of GlaxoSmithKline plc