Managing risk | 2024 Annual Report

Risk governance

The Board and its supporting committees, including the Audit and Risk Committee (ARC) and People, Culture, Nomination and Remuneration Committee (PCNRC) oversee and approve Telix’s strategic direction. The Board also retains ultimate oversight of material risks and opportunities. The Board has delegated responsibility to the ARC for risk management, governance and oversight. The ARC receives quarterly reports relating to strategic risks, risk management activities, and the effectiveness of - and operational compliance with - the Group’s Enterprise Risk Management Framework (ERMF) and risk appetite and tolerances. The Board, through the ARC, sets the Group’s risk appetite, which constitutes the boundaries within which Management operates while achieving strategic and corporate objectives.

The MD & CEO, and the Group Executive Team (GET), are ultimately responsible for identifying and managing financial and non-financial risks (including compliance risks) and opportunities relevant to the delivery of the Group’s strategic objectives and operational targets. Accountability for developing and implementing the ERMF sits within our Enterprise Risk Management function, formerly part of the Governance Risk and Compliance (GRC) function, led by the Senior Vice President of Risk and Sustainability.

Our strategy for the management of risk and opportunity substantially follows the guidelines of ISO 31000:2018 – Risk Management and is designed to enable us to: identify and manage risks and opportunities to improve business performance; remain innovative and establish competitive advantage; anticipate and communicate uncertainties; reduce operational losses and surprises; and protect our corporate reputation. Our ERMF data informs leaders in their decision-making from prioritising activities, to resourcing, to escalation.

We manage risk and opportunity through objective and consistent identification, assessment, monitoring, measurement and reporting across the Group. Management executes daily risk management activities, including by making decisions within stated Board-delegated authority; ensuring employees understand their responsibilities for managing risk through a 'three lines' model; and establishing internal controls and guidance for the implementation of the ERMF.

In the three lines model, the first line - consisting of the business units and expert teams - executes core processes and controls. The second line - comprising the Enterprise Risk Management function - sets policies and establishes frameworks to manage risks. The third line, which constitutes internal and external audit, provides independent review of the first and second lines.

Principal risks

The risk context within which we operate is underpinned by:

our purpose to help people with cancer and rare diseases live longer, better quality lives
our mission to deliver on the promise of precision medicine through targeted radiation
our various business activities, including innovation of new products, product development, commercialization and marketing of approved products, service delivery, and research and manufacturing operations
the global regulatory regime, and
our intent to deliver adequate shareholder returns in a complex and/or competitive environment.

We actively manage a range of principal risks and uncertainties with the potential to have a material impact on the Group and our ability to achieve our strategic and business objectives.

During 2024, we reassessed our strategic risk profile to ensure we had appropriately identified risks and opportunities relating to our short, medium and long-term objectives. These principal risks have formed the basis of our forward-looking three-year internal audit plan.

While we have made every effort to identify and manage all material risks, there may be currently unknown risks, or risks that are not detailed below, that may impact our future performance.

Because of the specialised nature of our business and our rapid growth, we are highly dependent on attracting and retaining qualified, scientific, technical and managerial personnel. A failure to do so could harm our R&D and commercialization programs, and materially and adversely affect our business, operating results and financial prospects. The management of people-related risks and opportunity is one of the five pillars of our sustainability strategy. More detail on our programs to build a safe, inclusive and rewarding workplace is included in the Sustainability section of this Annual Report.

A summary of our principal risks is provided below.

Principal risk area	Description of risk	Key mitigation strategies and tactics
Successful commercialization of assets	Telix’s operating and financial performance is dependent on its ability to develop and successfully commercialize its product portfolio. The Group will need to manage and optimally develop its business model and global presence to support the commercialization of its existing and future portfolio. Successful commercialization is subject to the following risks: clinical trials may not succeed or may be delayed regulatory approvals may not be granted or may be delayed accelerated reviews may not be granted or may be delayed acceptable pricing and reimbursement/insurance coverage of products may not be achieved development programs may be delayed the oncology therapy industry is highly competitive and radiopharmaceuticals is increasingly competitive reliance on effective exclusivity and intellectual property protection reliance on licence agreements for key products reliance on third parties for performing studies, research and clinical trials dependence on commercial partnering effective integration of businesses we aquire public and health care provider perception of Telix and Telix products dependance on licensing agreements Telix faces risks in respect to the ongoing success of its first commercial product, Illuccix®. This includes the impact of new and existing competitive products in the market, adequate pricing and reimbursement to address unmet patient need in the longer term, and Telix's ability to continue to drive market growth and market penetration. Changes in the U.S. Federal Government Administration may bring focus and change to tariff regimes and drug pricing, which may impact Telix revenue and operations	Telix’s purpose and mission are implemented through short, medium and long-term strategies, clear near-term objectives restated on at least an annual basis, and forward-looking measurable targets. Telix dedicates resources to attracting , developing and retaining talent to key roles and has implemented dedicated global commercial strategy and global asset development business units. Telix also maintains internal development programs for senior executives. Telix has embedded program development and commercialization planning and reporting systems into its operations - including asset lifecycle management planning, an intellectual property development and management strategy, market access planning, competitive awareness, sales team targets, training and maturity activities. The Group is committed (with appropriate cost/benefit analysis) to investment into required internal infrastructures to support its ongoing commercial success in its complex global environment. Telix has an enterprise risk management approach and an internal audit function dedicated to protecting and enhancing company value. Telix seeks to drive competitive success through its identification and hiring of experienced key talent into senior management, sales, marketing and strategic commercialization roles. Lifecycle planning strategies are in place to enable the identification of opportunities and risks associated with the continuing success of Illuccix®.
Supply chain resilience and responsibility	Nuclear medicine products and technologies have inherently complex manufacturing, supply and logistics chains. Telix is dependent on third parties, including Contract Development and Manufacturing Organizations and radiopharmacy networks, for the manufacture and supply of a substantial portion of our products, both commercial and those under development. Telix is also dependent on the global radioisotope supply chain which can be subject to periodic limitations and disruptions. Disruptions to Telix’s supply chain caused by an interruption to the availability of key product components or cost-effective transportation, satisfactory performance of third-party services, or the loss of a key third-party partner, may result in unexpected delays or increased costs.	Telix has dual supply surety where possible and continues to seek viable and sustainable opportunities for end-to-end supply chain integration within the Group structure - for example, through the acquisition and development of in-house manufacturing capability at its TMS facilities, reducing exposure to third-party risk. Supplier risk programs are critical elements of Telix’s risk mitigation tactics in this area and we aim to continuously improve our vendor selection, diligence and vendor management strategy and framework to manage supply chain resilience and related risk.
Compliance, including legal and regulatory	As a complex global organization, Telix has substantial compliance obligations across its business units, including legal and healthcare compliance, commercial, pricing and regulatory compliance, financial, statutory and taxation compliance, and environmental compliance. The profitability of Telix’s operations and its continued viability - including its ability to have assets successfully approved or commercialized in its operating regions - may be adversely impacted by material non-compliance and/or regional specific legal or regulatory regimes. This could result in delays or rejections of applications (or sanctions if not appropriately managed), fines, civil penalties, changes in legal, regulatory or fiscal regimes, difficulties in interpreting or complying with local laws and reversal of current political, judicial or administrative policies, including as a result of geopolitical tensions.	The risk function is in place to establish and embed the framework to help ensure Telix meets its obligations under applicable laws, regulations, codes and corporate policy. Telix aims to continuously improve its integrated program, which is consistent with ISO 37301:2021 Compliance Management Systems. The pillars of Telix's compliance framework are: inform - ensuring employees are aware of their obligations and the legislative changes that may impact their business units/activities comply - via ongoing review of the compliance register, recorded obligations and completion of activities, and assure - via internal and/or external audit and review of activity where appropriate. Telix has teams and structures in place to enable it to maintain awareness of relevant legal and regulatory changes, including as relates to market access, pricing and reimbursement.
Product pipeline	Telix’s long-term sustainable viability will be determined in part by its ability to continue to identify and successfully develop and fund a pipeline of products capable of commercialization, and will need to be successful in this in a dynamic and changing competitive landscape. Telix will also need to protect and enhance the intellectual property position surrounding its portfolio in the long-term.	Telix has a strong Research and Innovation (R&I) ethos and has developed an R&I team and strategy which is driven to continuously identify and progress early development on a broad pipeline of pre-clinical and clinical assets. Revenue growth from the commercialization of Telix assets, including Illuccix®, will provide the Company with optionality to fund the research and development of its core pipeline assets to address unmet patient needs. The commercial and business development teams remain alert to scientific, medical and market developments and the Group engages expert scientific advisors. The Group dedicates resources to intellectual property protection strategy, competitive monitoring and implementation.
Financial risk	In addition to the above-mentioned risks associated with securing financial viability through the successful commercialization of its product portfolio, Telix faces a variety of risks arising from the unpredictability of financial markets, including the cost and availability of funds to meet its business needs and movements in market risks, such as interest rates and foreign exchange rates. Telix may need to raise additional capital. Telix also faces risks related to maintaining internal controls, including SOX compliance and other financial reporting requirements. Non-compliance may result in regulatory investigations, fines or other penalties, and could adversely affect investor confidence and the value of our stock. Changes in international trade policies or laws may adversely impact our business and operating results.	In addition to mitigation strategies and tactics - as described above - to seek long-term financial sustainability through the successful commercialization of its product portfolio, Telix implements financial risk management practices and procedures aimed at protecting value by managing exposure to financial risks, including those for sound internal controls, cash flow management and controls, customer diligence and payment management, treasury management, and relevant business insurances. Telix is dedicating resources to track changes to international trade policies, tariffs, export controls, or other new laws or regulations that may impact our operations. Telix will continue to investigate and implement strategies to minimize impact, where possible.
Product quality	Telix is committed to delivering high quality innovative medicines to patients and conducting our clinical trials with a philosophy and in a manner that recognizes the importance of patient safety and respecting the rights of participants. Telix’s products are required to comply with a wide range of jurisdictionally unique regulatory requirements aimed at ensuring the quality and efficacy of its products and the safety of patients. Telix’s financial performance and social licence to operate could be adversely impacted by poor or sub-optimal quality products.	Telix has a Quality Management System (QMS) in place based on the international ISO 9001 series of Quality Management standards that is consistently implemented, and risk-based to maintain quality product for clinical and commercial distribution. Telix monitors the health and the continuous improvement of the Quality Management System as part of the Quality Management Review process. This process is governed by Quality Policy QPOL-0064, Telix Global Quality Management Review Policy. High quality clinical research is conducted in accordance with all applicable laws and regulations. When conducting multinational, multi-site trials we follow all applicable legal, ethical and scientific standards. Telix products are researched, manufactured and tested at certified Good Laboratory Practice (GLP), Good Distribution Practice (GDP) and Good Manufacturing Practice (GMP) facilities, and processes, methods and change control are validated. Telix has a Global Safety Review Committee (GSRC) that meets quarterly to oversee safety signal assessments across all Telix products in human use including clinical trials, compassionate use, and post market use. Telix’s Quality and Safety Evaluation Board (QSEB) is responsible for reviewing and evaluating product release and quality and safety issues. The QSEB comprises the CDO, CMO and senior representatives of the quality, regulatory, medical and risk and compliance functions.
Information management and information security including cybersecurity	As a global company, we are exposed to a broad range of information security risks that may compromise our ability to protect sensitive data, maintain operational integrity, and comply with regulatory requirements. These risks include but are not limited to: cyber threats (external) data privacy compliance third-party vendor exposure insider threats emerging technologies business continuity and disaster recovery human error.	Telix has aligned our information security controls to ISO27001:2022. We have in place an Information Security and Information Management (ISMS) program that is subject to ongoing review and internal audit. Telix undertakes business continuity, crisis and disaster preparedness planning. This includes monitoring and enhancing information security capabilities to keep pace with the evolving nature and sophistication of cyber threats. Telix’s Information Technology team seeks to continuously enhance our ability to prevent, detect and respond to cyber-attacks both through implementing new tools and a cyber awareness program for team members.
Environmental risk	Radiopharmaceutical products use radioactive materials, which generate radioactive, medical and other regulated wastes. The possession and disposal of these materials and waste products present the risk of accidental environmental contamination, personnel exposure and physical injury.	We have designed manufacturing, use, disposal and storage processes for radioactive compounds to mitigate the risk of exposure of employees, contractors and others to radioactive materials. These processes are subject to internal and (where relevant) external audit. We have systems and processes in place to enable us to maintain awareness of national radioprotection laws in the jurisdictions in which the Company operates. We have a vendor assurance program whereby we conduct due diligence and internal audit on material suppliers. This includes ensuring our relevant vendors have the appropriate licenses and standard operating procedures (SOPs) as well as regulatory compliance certifications (as relevant) for the safe disposal of radiopharmaceuticals.