Create long-term sustainable value supported by a strong and strategic corporate governance structure. We evolve while committed to the best corporate governance practices.

Our roadmap. Grifols 2030 Agenda

  • Supplier assessments using ESG criteria
  • Maintain claims ratio in Biopharma
  • No critical deficiencies detected in external audits

Our priorities

  • Ethics

  • Transparency

  • Human rights

  • Honesty

  • Sustainability

  • Safety and

  • Integrity

  • Independence

  • Legal

Alignment with the UN Global Compact

Grifols adheres to several principles

Principle 1. We support and respect the protection of internationally proclaimed human rights in our sphere of influence.

Principle 2. We ensure we are not complicit in any human rights abuses.

Principle 10. We work against corruption in all its forms, including extortion and bribery.

Grifols is a publicly traded company

No extra-statutory or concerted actions

The share capital of Grifols S.A. amounts to 119,603,705 euros and is represented by 687,554,908 shares, fully subscribed and paid up, belonging to two different classes:

  • Class A shares: 426,129,798 ordinary shares with voting rights with a par value of EUR 0.25 each, listed on the Barcelona, Madrid, Valencia and Bilbao Stock Exchanges and the Spanish Continuous Market System.
  • Class B shares: 261,425,110 non-voting shares with certain preferential economic rights and a par value of EUR 0.05 per share, listed on the Barcelona, Madrid, Valencia and Bilbao Stock Exchanges and the Spanish Continuous Market Systems. Class B shares carry a preferential dividend of EUR 0.01 each.

Grifols maintains two American Depositary Receipts (ADRs) programs in the United States: ADR level I for its Class A shares and ADR level III for its Class B shares. Level I ADRs are listed in U.S. dollars on OTC markets, while Level III ADRs are listed in U.S. dollars on NASDAQ.

There are no extra-statutory agreements or concerted actions between shareholders, as well as no restrictions (statutory, legislative or otherwise) on the transferability of securities and/or restrictions on voting rights.

Shareholder composition

Legal framework

Grifols is a publicly traded company in Spain and the United States, and complies with all applicable legislation in both countries.

External regulatory framework

  • Spanish Company Act (Ley de Sociedades de Capital), Securities Market Act and Investment Services (Ley del Mercado de Valores y de los Servicios de Inversión) and other applicable Spanish regulations
  • Spain’s National Securities Market Commission’s (CNMV) Good Governance Code of Listed Companies
  • CNMV’s Technical Guide 3/2017 on Audit Committees at Public-Interest Entities
  • CNMV’s Technical Guide 1/2019 on Nomination and Remuneration Committees
  • U.S. Securities and Exchange Commission (SEC) guidelines
  • NASDAQ Corporate Governance Requirements
  • U.S. Sarbanes-Oxley Act of 2002

Internal regulatory framework

  • Articles of associations
  • General Shareholders’ Meeting regulations
  • Board of Directors regulations
  • Internal codes, regulations and corporate policies

More details on Grifols’ corporate website:

Solid governance

The General Shareholders’ Meeting is Grifols’ sovereign governing body. The company encourages all shareholders to attend, with no minimum share capital requirements. Grifols held its 2023 Ordinary General Shareholders’ Meeting on June 16, with 75.5% of voting capital represented. Grifols’ shareholders approved all the proposals submitted to a vote.

The Board of Directors is Grifols’ highest decision-making body, comprised by 11 members as of February 2023. However, there is one vacancy on the Board.

After the close of the fiscal year, Grifols has announced the addition of a new board member on February 26, 2024, who will hold the category of executive director as of April 1, 2024.

Board members serve their term for a period of four years, without prejudice to their indefinite reelection for such periods.

The board includes a Lead Independent Director, and all committees and commissions are comprised by non-executive directors, at least two of whom are independent. This applies to the Appointments and Remuneration Committee, the Audit Committee and the Sustainability Committee.

Grifols publishes its Annual Corporate Governance Report following its approval by the Board of Directors. The report discloses information on its ownership and management structures, among other issues.

Board of Directors

15 meetings

92.2% attendance

Audit Committee

7 meetings

90.5% attendance

and Remuneration

12 meetings

100% attendance


4 meetings

91.7% attendance

Proven leadership

Board of Directors at year-end 2023

* On February 21, 2023, Steven F. Mayer resigned as Grifols’ Board of Directors member and executive chairperson for health and personal reasons. On February 21, 2023, the Board of Directors appointed Thomas Glanzmann as his successor.
* Grifols shareholders approved the re-election of Raimon Grifols, Tomás Dagá, Carina Szpilka, Íñigo Sánchez-Asiaín and Enriqueta Felip as boards members at the General Shareholders’ Meeting, held on June 16, 2023.
* On December 18, 2023, Víctor Grifols Roura resigned from the Board of Directors as a result of his retirement. On the same day, Albert Grifols Coma-Cros was appointed to the board through the cooptation procedure until the next General Shareholders’ Meeting. On this same day, Tomás Dagá resigned as vice secretary, and Laura de la Cruz was named as his successor.
* On February 5, 2024, it was announced that Raimon Grifols Roura and Víctor Grifols Deu have decided to transition out of their executive positions, and will remain on the Grifols Board as proprietary directors. Additionally, the Board will appoint Nacho Abia as a new director, on February 26, 2024, and he will assume his responsabilities on as new CEO from April 1, 2024, replacing Thomas Glanzmann, who will continue as the executive chairman. Well-orchestrated handsoff transition will take place to ensure appropriate knowledge transfer, organizational adaption and smooth continuity of business operations.
* On February 6, 2024, it was communicated that Albert Grifols Coma-Cros will serve as a non-executive director after stepping down from his executive duties on December 31, 2023.

More information on Grifols board members’ academic credentials and professional profiles:

Appointment of Thomas Glanzmann as Grifols’ new executive chairperson and CEO

In February 2023, Grifols’ Board of Directors named Thomas Glanzmann as the company’s new executive chairperson. With over 16 years as Grifols director and serving as Vice Chairman since 2017, he has also been the chairman of Grifols’ Sustainability Committee from 2020 until february 2023.

Subsequently, on May 8, 2023, Thomas Glanzmann was appointed by the Board as CEO, in addition to his role as Chairman, with the goal of aligning Grifols’ management team structure and streamlining corporate governance.

Expertise and experience

6 with vast industry experience

10 with broad expertise in finance and management

5 with expertise in sustainability

4 with experience in science and innovation

3 with experience in digital transformation and/or cybersecurity


Board members

1 vacancy to fill up to 12 members

1 Lead Independent Director

1 independent directors with 2 mandates in other listed companies

Víctor Grifols Roura will continue as Chairperson of Honor

In December 2023, Víctor Grifols Roura resigned his seat on Grifols’ Board of Directors following his retirement. Mr. Grifols has served in the firm’s leadership for nearly four decades, first as CEO in 1987, as chairperson starting in 2017, and as chairperson of honor from October 2023 onward.

A grandson of the company founder, Víctor Grifols Roura was the chief architect of Grifols’ transformation into a global powerhouse in the hemoderivatives sector. Considered among the industry’s most influential figures, Mr. Grifols will continue to serve as Chairperson of Honor.


6 Independent directors

1 Other external director

1 Proprietary director

3 Executive directors


36% women board members

9% U.S. board members

0% <30 years

18% 30-50 years

82% +50 years

Planned strategy to separate management and ownership

The executive directors, Raimon Grifols and Víctor Grifols Deu, along with the board of directors, have driven a clear roadmap aimed at separating the management and ownership of Grifols, once the company’s recovery from the pandemic has been consolidated. This orderly transition has culminated with the decision of both to leave their executive functions at Grifols, remaining as proprietary directors, and the appointment of a new CEO, who will assume their duties on April 1, 2024. The announcement was made on February 5, 2024.

Executive team at year-end 2023

Alfredo Arroyo Guerra














SELT, a catalyst for enhanced corporate performance

Grifols began its corporate transformation process in 2022 to accelerate its path to sustainable growth and profitability. The company reinforced its corporate governance in 2023 by consolidating the functions of Executive Chairperson and Chief Executive Officer (CEO) in Thomas Glanzmann, and by creating the Senior Executive Leadership Team (SELT).

Led by Grifols’ executive chairperson and CEO, the SELT includes Raimon Grifols, Chief Corporate Officer (CCO); Víctor Grifols Deu, Chief Operating Officer (COO); and Alfredo Arroyo, Chief Financial Officer (CFO). Among its responsibilities are capital allocation, strategy definition, communication, human resources policies, business performance, and oversight of key projects and priorities.

Positioned to bolster growth, enhance corporate performance and deliver on all our stakeholder commitments

Priorities of Grifols’ management team


  • Guarantee plasma supply and access to treatments
  • Promote a diversified network of plasma centers and maximize their efficiency


  • Prioritize critical innovation projects
  • Focus on differentiated products through in-house and investee initiatives projects
  • Integrate innovation and digital transformation projects that streamline processes and add value to the business model


  • Boost our commitment to patients, healthcare professionals and donors


  • Driving leadership
  • Promote a culture based on talent recognition and continuous development
  • Advocate and promote diversity, inclusion and equal opportunity
  • Promote employee health and well-being


  • Reduce debt
  • Financial discipline and cost control
  • Sustainable growth


  • Promote public-private collaborations to bolster countries’ self-sufficiency in plasma-derived medicines
  • Establish promising strategic alliances in core markets


  • Continue forging an organization-wide culture of sustainability
  • Maintain a robust sustainability strategy and roadmap
  • Increase the integration of ESG analyses and evaluations in decision-making processes

Performance and compensation

Grifols is committed to fostering a culture of performance with a laser-focus on execution, efficiency, effectiveness and accountability. Last year, the company implemented short- and long-term incentive strategies to advance this aim.

The Long-Term Incentive Plan is based on the granting of stock options to approximately 220 Grifols employees, including the CCO and COO, and the unique granting of stock options to the executive chairperson, Thomas Glanzmann.

In order to vest the options awarded, beneficiaries must have been continuously employed by Grifols on each vesting date and also meet the following conditions:

  • Achievement of 90% on average over the preceding two years of the following two core metrics, required to collect their short-term annual compensation: (i) economic metrics linked to Grifols’ overall performance as measured by EBITDA (90% weight) and (ii) ESG metrics (10% weight).
  • Successful validation of an individual performance evaluation.

Beneficiaries who serve on the Board of Directors must pass an annual evaluation led by the Appointments and Remuneration Committee. In the remaining cases, beneficiaries must achieve a performance rating of 3 or more on a scale of 1 to 5, being 5 the highest possible score.

Assessments are carried out through the Grifols Performance System (GPS), a standardized tool to assess employees’ effectiveness and potential, as well as provide relevant feedback.

This plan was voted on and approved at this years’ Ordinary General Shareholders’ Meeting.

Long-term variable remuneration

10% ESG metrics

90% financial metrics based on EBITDA

Review and update of Grifols’ Remuneration Policy

The remuneration policy for Grifols’ directors was last approved at the Ordinary General Shareholders’ Meeting on June 10, 2022, effective for fiscal years 2022, 2023 and 2024. In 2023, the Appointments and Remuneration Committee conducted in-depth reviews of the organization’s remuneration systems based on feedback from shareholders, investors and other stakeholders, as well as the consultative vote on the annual remuneration report at each General Shareholders’ Meeting.

Following this review and analysis and advice from the independent external advisor Mercer LLC, the Appointments and Remuneration Committee deemed changes were necessary to Grifols’ remuneration policy. Therefore, reinforcing the firm’s business strategy and long-term sustainability and alignment with its strategic plan, shareholder interests and corporate values, while ensuring prudent risk management and no potential conflicts of interest.

The most salient changes regarding the previous remuneration policy include:

  • Short-term variable in cash remuneration to be paid to Grifols’ executive directors: updated metrics and weighting to promote the company’s overall objectives, with each variable tied to the Group’s financial and non-financial results and subject to appropriate and prudent risk management strategies. This remuneration is now fully paid in cash.
  • As a novelty, it also includes a long-term incentive plan for Grifols’ Chief Operating Officer (COO) and Chief Corporate Officer (CCO), both executive directors. It consists in the award of Class A stock options. Subject to separate terms and conditions, it also includes the award of Class A stock options to the Executive Chairperson to incentivize the attainment of Grifols’ long-term strategic priorities, the sustainability of results over time and the creation of sustainable shareholder value.
  • Establishment of the main contractual conditions of Grifols’ Executive Chairperson agreement.
  • Remuneration of Grifols’ Chairperson of Honor.

More information on Grifols’ remuneration system:
Directors’ Remuneration Policy
Annual Report on Directors’ Remunerations..

Internal regulatory system


  • Code of Conduct
  • Code of Ethics
  • Risk Control and Management Policy
  • Tax Compliance and Best Practices Policy
  • Crime Prevention Policy and Criminal Risk Management System
  • Global Anti-Corruption Measures
  • Anti-Corruption Policy
  • Competition Policy
  • Clawback Policy
  • Global Compliance Program
  • Policy and Procedure of Open Payment Program, U.S.
  • Grifols Ethics Line Policy



  • Diversity and Inclusion Policy
  • Policy on Director Diversity in the Composition of the Board of Directors
  • Remuneration Policy for Directors
  • Health and Safety Policy
  • Mental Health Policy
  • Human Rights Policy
  • Social Action and Community Investment
  • Sustainability Policy
  • Donor Policy
  • Patient Policy



  • Sustainability Policy
  • Environmental Policy
  • Energy Policy
  • Climate Action Policy
  • Biodiversity Policy
  • Internal Code of Grifols, S.A. in Matters Relating to the Stock Market
  • Policy on Communication and Contacts with Stakeholders, Institutional Investors and Proxy Advisors



  • Global Privacy and Data Protection Policy
  • Cybersecurity Policy
  • Quality Policy
  • Supplier Code of Conduct
  • Plasma Donor Policy
  • Patient and Patient Organizations Policy
  • Procurement Policy

*The coverage of the policies, codes and regulations in this table apply all Grifols group companies within the scope of consolidation.

Code of Conduct

  • Adherence by all employees via written consent.
  • Specific training for new hires.
  • The code is available to the entire workforce in Spanish and English on Grifols’ corporate website and employee portal.
  • Any compliance issue is considered a serious breach and may lead to disciplinary actions, including dismissal.

Grifols’ main corporate policies and internal codes and regulations are publicly available on

Code of Ethics

  • Model of conduct extensive to the entire workforce, including senior-level executives and corporate governance bodies.
  • Explicitly endorsed every year by board members, senior executives, directors and area Managers.
  • Any breach of Grifols’ ethical principles may lead to disciplinary actions, including dismissal.

All information on Grifols’ human rights action, see “Sustainability and Human Rights” chapter.

Cybersecurity, privacy and data protection


The Audit Committee on Grifols’ Board of Directors is charged with supervising and evaluating the efficiency of the company’s cybersecurity management and control measures. In this endeavor, the Committee is supported by the Internal Audit and Corporate Risk Management Division, whose director provides updates at least twice a year on cybersecurity management issues.

Grifols’ primary cybersecurity governance and commitments are outlined in the Cybersecurity Policy, approved in 2023 by the Board of Directors.

The head of the Information Security Office (ISEC) reports to the Chief Digital Information Officer and oversees the development and implementation of the company’s cybersecurity policies, standards and procedures, as well as the rollout and effectiveness of its information security management system.

To support the ISEC, Grifols will establish the Global Cybersecurity Committee, composed of representatives from Grifols business units, information technology, legal, operations and services areas. The committee’s goal will be to facilitate the alignment of cybersecurity initiatives with business objectives and strategy; to ensure the global coverage of the information security management system; collaborating in the prioritization and execution of security initiatives and projects; and promoting a culture of protection against cybersecurity threats.

Grifols has the necessary resources to ensure a cyber-environment that supports its business priorities while complying with established cybersecurity objectives.

All of Grifols’ cybersecurity initiatives align with the international framework of the U.S. National Institute of Standards and Technology (NIST) and ISO27001.

In 2023, Grifols recorded no relevant cyberattacks, cyber-related thefts, loss of sensitive data or physical damages that affected the normal development of its operations.

Major actions in 2023:

Identification and protection

Grifols’ information security strategy is grounded on a risk-based approach, and is implemented through the procedures and tools necessary to ensure that cybersecurity risks are identified, monitored and managed appropriately.

The ISEC identifies the security initiatives and projects that must be implemented to achieve the company’s approved risk levels. These initiatives are identified and defined in the Security Master Plan, which is updated on a regular basis.


Grifols’ Security Operations Center (SOC) operates 24/7, providing robust coverage for security events in its data centers, perimeters and workstations. These services respond after receiving alerts from the security information and event management (SIEM) system, defined by the Information Security Office. Grifols’ cyber-intelligence capabilities provide information on threat actors and their techniques and tools, enabling the rapid deployment of controls to thwart successful attacks.

Response and recovery

The incident response team intervenes when events detected by the SOC are likely to become security incidents, using digital forensic analysis and incident response (DFIR) capabilities to analyze, contain and mitigate their risk, as well as prevent recurrences. Grifols conducts regular tests to evaluate the response and recovery capabilities of tools, procedures and equipment.

Additional controls

Grifols has an annual training and cybercommunication plan to bolster its information security management system and promote organization-wide awareness.

This plan is updated to reflect new threats and the specific needs of Grifols’ business areas. Training sessions are mandatory, and, in addition, phishing simulation exercises are carried out, among others, to test employees’ knowledge.

In 2023, 95% of users registered in the Grifols Training Platform (GTP) have completed the global cybersecurity training.

The company’s security certifications include ISO27001 and the National Security Scheme (ENS) for certain activities and group companies.

New Chief Digital Information Officer

Grifols appointed a new Chief Digital Information Officer in 2023 to fast-track the deployment of digital platforms, data science and leading-edge technologies. With this position, the company will advance its efforts to transform and reinforce its core business areas, including donor and customer relations, manufacturing processes, and the development of new therapies and cybersecurity.

Right to privacy and data protection

Grifols aspires to forge trust-based relationships when processing stakeholder data as part of its daily objectives, with two clear objectives: preserving their privacy and preventing data breaches. The company complies with all applicable data-protection laws and regulations, and works with suppliers that provide adequate guarantees and privacy measures. The Global Privacy and Data Protection Policy, mandatory for all employees, includes a robust framework for the processing of personal data, as well as outlines all pertinent data protection and security principles.

All employees receive training on this policy, since training and awareness are critical to protecting privacy. Additional training is also imparted to team members who process personal data as part of the regular job duties. In 2023, Grifols offered privacy training and awareness sessions to over 70% of employees whose roles include the treatment of personal data.

Grifols has rigorous safety, technical and organizational measures to safeguard its organizational assets and users in a cyber-environment, and protect the confidentiality of stakeholders’ personal data, including medical information collected in plasma donor centers and clinical trials.

More information on privacy measures in clinical trials: “Innovation

More information on privacy measures for donors: “Commitment to Donors and Patients

We promote integrity

Grifols’ Compliance Program is supervised by the Board of Directors direclty, through the Audit Committee. Its scope includes, among others, the following areas.

Crime prevention

Grifols does not tolerate any criminal or unethical behavior and strives to prevent and fight against it. This commitment is reflected in the Crime Prevention Policy, that is developed through the Criminal Risk Management System, which aims to prevent, detect or, when necessary, respond to the risks of committing crimes, especially those that could result in the legal liability of the company, by applying specific measures of supervision and control.

The Board of Directors of Grifols is responsible for implementing, maintaining, and continually improving the criminal risk management system, and has entrusted the duties of supervision and control to the Audit Committee. To carry out these activities, the Audit Committee relies on the support of the independent functions of Internal Audit and Enterprise Risk Management -both reporting to the Chief Internal Audit & Enterprise Risk Management-, which assess the effectiveness of the system every year through internal and/or external reviews.

Anti-competitive practices

Grifols’ Competition Policy prohibits its members from any conduct that has the purpose or may have the effect of limiting or distorting free competition in the market against the interests of other competitors and, more serious, against the interests of consumers and users.

Such prohibited conducts include, among others, collusive practices or agreements, such as, for example, sharing market or sources of supply, collective boycott, resale pricing, or the application of unequal commercial conditions, among others; and abuse of a dominant position, such as denying production or supply, imposing predatory prices, or forcing the purchase of unrelated related products, among others.

In 2023, Grifols has not had any legal action or legal proceeding finalized, nor does it have any pending legal proceeding related to unfair competition or infringements in terms of monopolistic practices and against free competition in the markets in which it operates.

Integrated anti-corruption model

Anti-corruption measures for third parties

Grifols’ anti-corruption global program includes control mechanisms for third parties with whom Grifols aims to enter into a business or commercial relationship. Before starting any commercial relationship with Grifols, the contractors and commercial and business partners who operate on Grifols’ behalf are subject to a thorough two-part verification process: a first phase, where Grifols confirms the legitimacy of the potential commercial relationship, and a second phase of due diligence, which includes an in-depth analysis of the third-party, including its organizational structure, key employees, business approach and corporate reputation.

Third-party contracts include current anti-corruption obligations, as well as an annex summarizing Grifols’ Anti-Corruption Policy. At least once a year, they are required to certify full compliance with the ethical standards outlined in this policy.

In certain cases, third-party collaborators such as international distributors are also required to complete periodic online training on anti-corruption issues, for example, the U.S. Foreign Corrupt Practices Act (FCPA).

The contracts with third parties also include a clause giving Grifols the right to perform audits and terminate commercial relations in the case of non-compliance with these norms.

Internally, employees are responsible for constantly monitoring the day-to-day activities of the third parties under their management area. Both the potential violations alerts system and the continuous monitoring process aim at detecting possible red flags and, as such, manage and resolve these adequately and as promptly as possible.

Anti-Corruption Policy

Extensive to all employees regardless of the site where they perform their duties and the affiliate or subsidiary to which they belong, as well as to third-party collaborators, Grifols’ Anti-Corruption Policy outlines the standards of conduct and interactions with civil servants and public-sector organizations and agents, as well as private-sector organisms and entities.

The company has diverse review processes to ensure compliance as part of its overall anti-corruption program.

Grifols has zero tolerance for acts of bribery and corruption, and works towards the goal of maintaining zero cases of corruption.

The company does not tolerate any form of retaliation against those who in good faith report a possible violation of applicable laws, rules and regulations, or non-compliance with internal policies and procedures. Grifols has internal procedures that explicitly define the acts considered as bribery and corruption, and that include a list of the applicable disciplinary actions if a violation of its Anti-Corruption Policy is detected, including the possibility of dismissal.

Confirmed cases of corruption in 2023


Number of interactions reviewed in 2023 between Grifols employees and government officials/other professionals


Grifols Anti-Corruption Policy is available

Training sessions

To ensure compliance with anti-corruption policies and procedures, Grifols holds regular training sessions for both current staff and new recruits. Those employees who, due to their duties, interact more frequently with public officials or perform functions related to the marketing of Grifols products or services, receive additional and reinforced training.

Training sessions

of Grifols’ employees most likely to observe cases of corruption informed of anti-corruption policies and procedures


95% of employees received specific training

Review process

Compliance with the Anti-Corruption Policy is reinforced by a series of review processes according to the type of interaction (articulated through various internal procedures), under the supervision of the compliance function. While special attention is given to higher risk operations, reviews of interactions with government officials, public agencies, healthcare professionals and/or healthcare organizations include the analysis and management of potential conflicts of interest. The review processes are intended to cover the full range of Grifols’ activities in the market


As part of its annual audit plan, the Internal Audit department reviews the compliance risks of the different departments and business units, including the risk of corruption. External and independent audits are also carried out on diverse aspects of Grifols’ Global Anti-Corruption Program.

If a potential case of corruption is detected, the company launches an internal investigation, including the participation of external legal advisors. The Global Compliance Review Committee supports the Board of Directors Audit Committee regarding its supervision of the Global Anti-Corruption Program.

The Board of Directors of Grifols, S.A. is the chief authority for supervising compliance with the Anti-Corruption Policy, delegating these responsibilities to the Audit Committee.

Employees most likely to observe cases of corruption who have been informed on anti-corruption policies and procedures by professional category
  Grifols Biotest
  Informed % Informed %
Executives 17 2% 6 7%
Directors 108 10% 3 3%
Senior Management 156 15% 7 8%
Management 179 17% 21 24%
Senior Profesionales 346 34% 17 19%
Professionals 191 19% 35 39%
Administrative and manufacturing operators 32 3% 0 0%
Total 1,029 100% 89 100%

Grifols data includes Biotest Italia, S.R.L., Biotest Medical, S.L.U., Biotest Farmacêutica LTDA, Biotest France SAS, Biotest (UK) Ltd., 100% owned by Grifols SA and under the supervision of the Corporate Compliance department of Grifols SA. Biotest data includes information from the Biotest AG group under Biotest Compliance supervision.

Money laundering

Grifols has stringent mechanisms, procedures and policies to prevent, detect and respond to possible money laundering breaches in the course of its business operations.


Grifols has assessed its exposure to the risk of money laundering and terrorist financing as part of the criminal risk management system risk assessment, identifying activities with higher associated risks and the primary control mechanisms to mitigate them.


In addition to the reviews conducted through the criminal risk management system, the Grifols Ethics Line is the reporting channel enabled to report confidentially on any breach or irregular behavior, including suspicious money laundering transactions.

Reaction and response

Grifols has an investigation and response protocol, as well as a sanctioning system.

We are transparent

Interactions with healthcare professionals and organizations

Grifols’ interactions with global healthcare professionals and organizations enrich its knowledge and awareness of patient behavior and disease management, which are critical to improving the quality of patient care and expanding treatment options. Conducted with maximum integrity and transparency, these relations are regulated by Grifols’ Global Compliance Program.

The company’s Gifts and Hospitality Policy informs employees of the appropriate standards and established limits for managing transfers of value and hospitality to healthcare professionals, public officials and other individuals.

United States

The U.S. Sunshine Act (PPS Act) requires manufacturers and group purchasing organizations (GPO) of pharmaceuticals, biologicals, medical devices and medical supplies to itemize all information relating to payments and transfers of value to specific professionals and healthcare organizations, including physicians, mid-level practitioners and teaching hospitals. The Centers for Medicare and Medicaid Services (CMS) publishes information extracted from these reports every year in the month of June.

Grifols has a policy and procedure regarding its transparency program and its compliance with reporting obligations defined by federal and state agencies.

The company adheres to the Pharmaceutical Research and Manufacturers of America (PhRMA) and the Advanced Medical Technology Association (AdvaMed) Codes on Interactions with Healthcare Providers, and continues to develop compliance systems to reflect the latest code updates (AdvaMed in June 2023 and PhRMA in January 2022). Both codes aspire to bolster the ethical norms and principles in interactions with the healthcare community.

In accordance with these principles, healthcare companies like Grifols can hire external consultants or advisors under the following conditions: the selection process is based on qualifications and experience and for a specific need; financial compensation reflects fair market value established for these services; and the relationship is formalized through a written contract.

Grifols imparts a transparency-training program for all employees whose roles require them to interact regularly with U.S. healthcare organizations and professionals. In total, 78 U.S.-based employees took part in these sessions.


In Europe1, Grifols voluntarily adopted practices outlined in Chapter 5 of the European Federation of Pharmaceutical Industries and Associations (EFPIA) Code, making them extensive to all corporate divisions and operations.

In 2023, for the eighth consecutive year, Grifols disclosed all payments and transfers of value to healthcare organizations and professionals in the various European countries defined by the EFPIA Code. The company’s transparency program includes procedures and processes to ensure compliance with this initiative.

As a member of MedTech Europe, Grifols’ Code of Ethical Business Practice likewise reflects these transparency guidelines, including the disclosure of Training Grants carried out in 2022. In addition, the company discloses all information related to country-specific transfers of value in compliance with local regulations.

Under the Open Payment Program, transfers of value in the U.S.

-53% vs 2021

In accordance with EFPIA criteria in Europe

+3% vs 2021
75.9% transfers of value related to R&D

1. The EFPIA Code includes the following countries: Austria, Belgium, Bosnia-Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Iceland, Italy, Latvia, Lithuania, Luxemburgo, Malta, North Macedonia, Norway, the Netherlands, Poland, Portugal, Romania, Russia, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine and United Kingdom.

Grifols’ corporate website includes a methodology note and specific reports on transfers of value to healthcare professionals and organizations in concrete countries. This information is publicly available.

Transfers of value by type
EUROPE - GRIFOLS 2022 2021 2020
Euros % Euros % Euros %
Services 1,294,739 7% 1,006,669 5% 539,293 4%
Contributions to professional healthcare events 293,171 1% 57,272 0% 21,443 0%
Contributions to cover costs of healthcare events 2,505,772 13% 1,978,053 11% 1,334,663 10%
Grants2 628,962 3% 280,272 1% 199,827 2%
Third-party R&D collaborations 14,779,095 76% 15,609,633 83% 11,346,476 84%
TOTAL 19,501,739 100% 18,931,899 100% 13,441,702 100%
U.S. - GRIFOLS 2022 2021 2020
Services 935,321 17% 4,128,833 34% 649,483 9%
Contributions to professional healthcare events 645,974 11% 344,243 3% 290,127 4%
Grants 0 0% 0 0% 0 0%
R&D collaborations with third parties 3,058,171 54% 7,025,507 59% 4,552,923 63%
Investigator sponsored research 1,023,755 18% 483,866 4% 1,772,579 24%
TOTAL $5,663,221 100% $11,982,449 100% $7,265,112 100%
Euros %
Services 264,091 2%
Contributions to professional healthcare events 240,973 2%
Contributions to cover costs of healthcare events 8,455,016 77%
Grants2 304,000 3%
Third-party R&D collaborations 1,747,144 16%
TOTAL 11,011,226 100%

1. Transfers of value in Europe as defined by the EPFIA Disclosure Code. ToVs included with one-year intervals.
2. Includes research grants. Research data as defined by the EPFIA Disclosure Code do not reflect the company’s entire R&D investment.
Biotest data includes information from the Biotest AG group under Biotest Compliance supervision.

Public affairs management

Advocacy is a legitimate and fundamental part of the democratic process, providing a channel for people to share their viewpoints and concerns with public officials. Grifols’ advocacy entails interacting with policymakers and political circles to raise awareness on the vital importance of plasma-derived medicines and the need for unrestricted access in healthcare centers. The Code of Conduct and Anti-Corruption Policy offers guidelines and standards of interaction between Grifols employees and public officials.

Grifols follows the highest ethical standards in its dealings with public officials, acting with the utmost integrity and transparency. In the U.S., Grifols complies with all federal, state and local regulations, regularly submitting transparency reports on its lobbying-related expenses to the U.S. Congress in compliance with the Lobbying Disclosure Act (LDA).

Grifols’ lobbying disclosure reporting requirements are governed by standard operating procedures and encompass all of its activities in the U.S. and European Union. The company does not make campaign contributions to political candidates or government officials, either directly or indirectly.

Grifols joined the European Union’s Lobby Transparency Register in 2019, adhering to the rules of conduct governing relations with European Union institutions as articulated in its code of conduct. Through this register, the company has a platform to disclose its interactions with EU institutions and share its activity and positions on public consultations. The company also takes an active role in public consultations related to health and industrial policies.

Grifols is a member of three other EU organizations: Plasma Protein Therapeutics Association (PPTA), European Confederation of Pharmaceutical Entrepreneurs (EUCOPE) and MedTech Europe.

  2022 2021 2020
Lobbying Expenditures in the U.S. as Reported Under the LDA. These amounts reference lobbying expenses, not political campaign contributions. Grifols does not make political campaign contributions in the U.S. USD 815,000 USD 590,000 USD 510,000
Estimated annual costs related to activities covered by the European Transparency Register EUR 100,000 - 199,000 EUR 100,000 - 199,000 EUR 100,000 - 199,000

2020 and 2021 data includes US contributions at federal level only. Data for 2022 also includes state contributions.

Highlights in 2023

Grifols’ European involvement

Grifols participates in health policy discussions with a broad network of EU stakeholders to help improve people’s access to health care. In 2023, the company actively participated in the following public consultations:

  • Draft regulation on Substances of Human Origin (SoHO)
  • Draft regulation and directive on Pharmaceutical Legislation

Review of EU pharmaceutical legislation

In 2023, the European Commission released a proposal to update general pharmaceutical legislation which must be followed by its applicable legislative process in the EU Parliament and Council. In this regard, Grifols has collaborated with diverse institutions to make sure the proposal advances access to healthcare and R&D investments in the European pharmaceutical space, while recognizing the unique nature and qualities of plasma-based medicines.

SoHO: new legislation on substances of human origin

On December 14, 2023, the European Parliament and the Council reached an agreement to further increase the safety and quality of substances of human origin (SoHO) following the Commission’s July 2022 proposal. The new SoHO rules lation aims to increase citizens’ protection when donating or receiving such substances as blood, tissues or cells or the products derived from them. In the case of plasma, it also seeks to contribute to ensuring its availability, as it is an essential substance for the production of plasma medicines on which nearly 300,000 European citizens depend.

The next steps include the formal adoption of the SoHO regulation by the Parliament and the Council, from which point EU member countries will have 3 years to implement it. Once adopted and implemented in all countries, the regulation will replace the safety and quality standards set out in two directives (2002/98/EC on blood and blood components and 2004/23/EC on tissues and cells) and their implementing acts.

More information:

Grifols Ethics Line

Grifols Ethics Line is the communication channel enabled by the company that allows employees and external stakeholders to raise concerns about ethical issues, or report any conduct that may constitute a violation of applicable laws, rules and regulations, as well as internal policies and procedures -including those related to human rights-, in a confidential manner. Grifols implemented this communication channel in 2011.

With the objective of adapting this communication channel to the new European requirements, , the company adopted the Grifols Ethics Line Policy in 2023. This policy sets out Grifols’ approach to protecting whistleblowers with the aim of encouraging and supporting individuals to report concerns in good faith. It also provides guidance on how to raise concerns about misconduct, illegal activities or unethical behavior, and the steps to follow for reporting, investigating and resolving these issues.

All allegations are addressed following a standard operating procedure to make sure they are thoroughly and effective investigated, and determine if corrective measures are necessary. To ensure the proper functioning of this process, Grifols has appointed the Chief Internal Audit as the person responsible for the Grifols Ethics Line (Global Ombudsperson). Additionally, when legally required, local communication channels have been established and persons responsible for them have been appointed, in order to ensure compliance with the specific requirements established in those jurisdictions.

Grifols does not tolerate retaliatory measures of any kind against those who in good faith report possible violations of applicable laws, rules and regulations or non-compliance with internal policies and procedures. Retaliation may lead to disciplinary action, including dismissal.

In 2023, Grifols received a total of 363 complaints through the Grifols Ethics Line, of which 135 have been confirmed.

Of the 135 cases confirmed in 2023 (148 in 2022), 5 cases (4 in 2022) related to human rights violations were identified, all of them linked to cases of harassment within the organization. Disciplinary measures have been taken in all cases. Furthermore, no allegations of corruption, money laundering, insider information or customer data privacy were received during 2023.

Access the Grifols Ethics Line Policy

More information on Grifols Ethics Line

  Number of communications Number of confirmed cases
  2023 2022 2023 2022
Corruption or Bribery 0 0 0 0
Workplace discrimination or Harassment 97 54 33 18
Customer privacy data 0 0 0 0
Conflicts of interest 9 8 7 2
Money laundering or insider trading 0 0 0 0
General concern 40 104 4 42
Health, Safety and environment 7 14 2 7
Failure to comply with quality, regulatory or manufacturing standards 6 4 4 1
Misconduct or inappropriate behavior 120 96 62 49
Others 84 75 23 29
Total 363 355 135 148

Risk management and control

Risk management in Grifols

The Risk Control and Management Policy establishes the basic principles and the general framework of action for the identification, evaluation, control and management of the risks, of all kinds, that Grifols faces. Its objective is to provide greater confidence in the achievement of Grifols objectives and strategy to patients, donors, employees, shareholders, customers, vendors and other stakeholders, through the anticipation, control and management of the risks to which Grifols is exposed.

This policy is implemented through a comprehensive risk control and management system based on the principles outlined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) which includes: governance and culture, strategy and objective-setting, performance, review and revision, information, communication and reporting.


The Board of Directors of Grifols proposes the Risk Control and Management Policy to ensure that the company achieves its objectives and meets the expectations of its stakeholders, delegating the supervision of the effectiveness of the risk management system to the Audit Committee in coordination with the Corporate Risk Committee

The Audit Committee includes independent directors who oversee the effectiveness of Grifols’ risk management system by ensuring its main risks are adequately identified, managed and communicated. In this role, the Audit Committee receives support from the independent functions of Internal Audit and Enterprise Risk Managemen (ERM), which reports to the Chief Internal Audit and Enterprise Risk Management.

Both the Board of Directors and the Audit Committee meet periodically with the heads of the company’s business areas, assurance functions, external legal advisors and external auditor to discuss issues related to the company’s risk management.

The Corporate Risk Committee is composed of a multidisciplinary and multifunctional team, which includes members of the management team and other senior executives, as well as the secretary of the Audit Committee. The Corporate Risk Committee is responsible for overseeing the assessment, management and monitoring of risks, and for ensuring the integration of risk management into business processes.

The Enterprise Risk Management department assists the Corporate Risk Committee in developing and implementing risk-management policies and procedures.

Internal management framework

  • Risk control and management policy
  • Risk management procedure
  • Emerging risks procedure
  • Risk valuation model

Risk management procedures in Grifols

Grifols has a comprehensive and continuous risk control and management process to identify, evaluate and manage all relevant risks that Grifols faces or may face, as well as assure that risk considerations are integrated throughout the organization.

Principles of the risk control and management system

  1. Establishment of a risk appetite framework, with the levels of risk deemed acceptable by the company and aligned with Grifols’ objectives.
  2. Leadership of senior management, who will provide the necessary resources.
  3. Integration in management processes, especially those related to strategy and planning.
  4. Segregation of duties between the business areas and the areas of supervision and assurance.
  5. Comprehensive and harmonized management to ensure all risks are managed through a common identification, assessment and treatment process.
  6. Continuous improvement through periodic reviews of the suitability and efficiency of applying the system and the best practices and recommendations in the area of risks.

The procedure applies to Grifols, S.A., and its subsidiaries, and covers all risk categories defined in the Risk Control and Management Policy.

Grifols’ Risk Management Procedure includes the following recurring activities:

Risk identification and assessment

Quarterly, the ERM department conducts regular risk scans to identify emerging risks affecting Grifols through reviews of credible external sources of information (e.g., Gartner’s quarterly emerging risk report, World Economic Forum’s global risk report, etc.); and through one-on-one discussions with internal stakeholders, as needed; and monitors top risks based on the evolution of the metrics selected as risk indicators.

Twice a year, the ERM department also surveys a group of employees (risk liaisons) selected based on their position and expertise, to assess the Company’s top risks and emerging risks, and to identify response plans and potential opportunities. These surveys, along with other internal and external risk scans are used by ERM to update the company’s risk map.

Risks are evaluated in terms of impact and likelihood of occurrence, following the ERM’s Risk Valuation Model. To rank risk for prioritization, ERM completes the risk scoring by considering risk velocity and risk interdependencies.

The risk classification proposed by ERM undergoes review and approval by the Corporate Risk Committee, which prioritizes those risks requiring immediate response and/or enhanced oversight

Grifols’ risk classification and prioritization

The full description of the risks of Grifols is public and is available in the last 20F for the year 2022, submitted and approved in April 2023.

Risk 1: Debt leverage ratio

A high level of indebtedness could have significant adverse effects on Grifols’ business, making the company more vulnerable to economic downturns and restricting its ability to make strategic acquisitions or exploit other business opportunities (among other impacts).

To this end, Grifols implemented an operational improvement plan to reinforce its competitiveness and build a more efficient and cost-effective organization. The plan focuses on three major areas: optimizing plasma costs and operations, streamlining corporate functions, and enhancing other efficiencies across the organization.

Risk 2: Cybersecurity

Information security risks have been on the rise in recent years, due to an increase of cyber-attacks and data breaches perpetrated by cybercriminals, insiders, or affected third parties, leading to business interruptions and exposure of sensitive data.

To this end, the company has implemented a comprehensive information security management system, aligned with international standards and best practices, that sets out clear objectives, roles and responsibilities, as well as policies and procedures to: (i) identify and assess cybersecurity threats; (ii) protect critical assets; (iii) detect and respond to cybersecurity threats; and (iv) recover business processes affected by a cybersecurity incident.

Risk 3: Competition and technological changes

Grifols faces significant market competition. Its current and future competitors may increase their sales, lower their prices, change their distribution model or improve their products, undermining Grifols’ product sales and market share.

Risk 4: Research and development of products

Research and development represents a significant aspect of Grifols’ business, whose core R&D objectives are to (i) discover and develop new products, (ii) research new applications for existing products and (iii) improve manufacturing processes to improve yields, safety and efficiency.

The company faces various obstacles to successfully converting these efforts into profitable products, including, but not limited to, the successful development of an experimental product for use in clinical trials; the design of clinical study protocols acceptable to the FDA and other regulatory agencies; the successful outcome of clinical trials or its ability to scale its manufacturing processes to produce commercial quantities.

Risk 5: Talent attraction and retention

Grifols’ future success depends on its ability to retain members of its senior management and capacity to attract, retain and motivate qualified personnel. The company is highly dependent on the core members of its executive and scientific teams. For this reason, the recruitment and retention of qualified operations, finance and accounting, scientific, clinical and sales and marketing personnel will be critical to its success.

Risk 6: Ethics and integrity

Grifols’ business is subject to extensive government regulation and oversight in its numerous markets of operation. The promotion, the marketing and sale of pharmaceutical products and medical devices is highly regulated and subject to increasing governmental supervision around the world. This regulatory and oversight trend is expected to continue.

Risk 7: Supply chain

A significant disruption in the company’s supply of plasma could have a material adverse effect on Grifols’ business and growth plans. Most of its revenue relies on its access to U.S. source plasma (plasma obtained through plasmapheresis), the main raw material for Grifols’ plasma derivative products.

Risk 8: Innovation and digital transformation

Grifols’ investment in new technologies, processes, and business models entails navigating various obstacles and risks, including discrepancies with its vision and objectives, cultural barriers, skill deficiencies, resource limitations, and external disruptions. These challenges have the potential to undermine the anticipated benefits of digital transformation and diminish the company’s competitiveness within the industry.

Risk 9: U.S. biopharma market

The existence of direct and indirect price controls and pressures over Grifols’ products has affected, and may continue to affect, the company’s ability to maintain or increase gross margins.

Proposed U.S. federal and state legislation have targeted drug pricing, including direct negotiations with manufacturers over price, reimbursement and discounts. Plasma protein therapeutics have been excluded from certain aspects of the several legislations. However, there is a continuing risk that Grifols’ products may be subject to new pricing restrictions.

Risk 10: Product safety and quality

Non compliance with quality and safety regulations could potentially harm the health and safety of patients, donors and/or participants in clinical trials, lead to product liability claims or product recalls, resulting in significant financial losses and negative reputation impacts.

Summary of main risks according to 20F of the year closed to 2022 public and accessible through this link.

Emerging Risks

Grifols’ risk management process includes the identification and evaluation of emerging risks, understood as new risks or risks which, although known, arise in a new or unfamiliar context and could wield a potential long-term impact on the company’s activity.

Risk 1: Geopolitical instability

Risk description:

The risk of potential disruptions and uncertainties arising from political decisions, events or conditions in specific regions or countries has increased in recent times, increasing the possibility of adverse impacts on the company’s operations, supply chain, regulatory environment and market access as a result of geopolitical tensions, policy changes, trade disputes and other geopolitical factors.

Potential impacts:

  • Market access limitations: Geopolitical developments, such as changes in diplomatic relations or trade agreements, could limit the company’s access to key markets, impacting sales and revenue growth.
  • Supply chain disruptions: Geopolitical instability, such as regional conflicts or political unrest, or the escalation of trade tensions between regions or blocks leading to increased tariffs or trade barriers, may disrupt the global supply chain, affecting the cost structure and competitiveness of the company.
  • Regulatory challenges: Changes in pharmaceutical regulations or shifts in regulatory enforcement practices in key markets such as the United States and China could create hurdles in terms of product approvals, manufacturing compliance, and market access.

Mitigation action plans:

  • Monitoring and analysis of geopolitical developments.
  • Diversification of manufacturing and supply chain across different regions, reducing reliance on any single country or region and enhancing resilience against supply chain disruptions.
  • Comprehensive regulatory compliance monitoring to closely monitor and adapt to changes in pharmaceutical regulations in key markets.

Risk 2: Cybercrime Sophistication

Risk description:

The risk that the level of complexity, advancement and innovation of cyberattacks exploit vulnerabilities in the company’s digital infrastructure. The convergence of artificial intelligence (AI) and quantum computing with traditional cyber threats can significantly amply the potential for highly sophisticated and disruptive attacks.

Potential impacts:

  • Disruption of critical business operations, including the compromise of interconnected systems and partners, can lead to cascading effects.
  • Leakage of sensitive personal data, including health data from donors and patients.
  • Deepfake threats to leadership and communications: AI-generated deepfake technology may be employed to create convincing fake videos or audio recordings, leading to damages, misinformation and distrust within the organization, and damaging the company’s credibility and reputation.

Mitigation action plans:

  • Continuous identification and assessment of cybersecurity risks, including third-party risks.
  • Security measures to protect the confidentiality, integrity and availability of information systems and associated processes (including information systems managed by third parties), and continuous monitoring of their effectiveness.
  • Effective response and recovery programs, encompassing people, processes, information systems and technology.
  • Highly qualified cybersecurity team, comprised of management, information technology and legal personnel.
  • Training for employees, executives and directors regarding cybersecurity risks, and protection of sensitive and personal data.

Promoting a risk culture

A solid risk culture is essential for organizations to effectively identify, assess and manage the risks that could impact their operations. Grifols delivers training and awareness programs to encourage employees throughout the organization to identify risks and work to actively mitigate them, as well as promotes transparent communications among employees in risk-related functions.

Currently, three non-executive members of Grifols’ Board of Directors, in addition to the secretary of the Audit Committee, have proven experience in risk management and control and, from their leadership roles, contribute to fostering a risk management culture throughout the company.

Training: Grifols develops and imparts training and awareness-raising plans to ensure employees have a solid theoretical foundation and practical knowledge of environmental issues, health and safety, compliance, cybersecurity, crime prevention, pharmacovigilance and quality, among other areas.

Additionally, the ERM Department is updating the training plan on the general principles of risk management, methodologies, best practices of good governance and emerging risks, for the members of the Board of Directors, Audit Committee, Corporate Risk Committee and employees who participate in the semi-annual risk liaisons assessment.

Members of the Corporate Risk Committee receive regular training on new governance requirements and trends. Twice a year, they also participate in forums and workshops to assess risks, including emerging risks. Members of the Audit Committee (non-executive directors) also receive this training through yearly meetings.

Transparent communication: Grifols organizes regular meetings with risk managers and workshops and surveys with other employees to encourage transparent communication regarding its corporate risks.

Integration of risk criteria in product development: Grifols incorporates risk criteria into the intellectual property and quality requirements followed throughout the product development and approval processes.