COMPLIANCE PROGRAM

Genentech engages in research, development, manufacture, and marketing of biotechnology products for serious or life-threatening diseases, including commercialization of those products. Genentech strives for the highest standards of corporate conduct and is committed to establishing and maintaining an effective and comprehensive corporate compliance program. As a part of this effort, we have adopted a compliance program that addresses the matters covered by the May 2003 publication "Compliance Program Guidance for Pharmaceutical Manufacturers" ("OIG Guidance"), which was developed by the United States Department of Health and Human Services Office of Inspector General ("OIG"). The OIG Guidance gives broad discretion to manufacturers in the development, design and definition of scope of a compliance program.

Genentech's Comprehensive Compliance Program may be referred to as our "Compliance Program" throughout this description. Our Compliance Program applies to our officers and employees in their activities on behalf of Genentech.

Our Compliance Program's purpose is to assist Genentech in maintaining compliance with the laws, regulations and company directives and guidance that apply to our products, to train our employees on these matters and to prevent, detect, and correct instances of non-compliance. Genentech expects that our officers, employees and agents will comply with all applicable Genentech directives, policies, and guidance, as well as the related laws, regulations, and health plan program requirements. In the event that Genentech becomes aware of non-compliance, we will investigate the matter and, where appropriate, take disciplinary action, up to and including employee termination, and implement corrective measures to prevent future non-compliance.

Genentech's Compliance Program is described below. Our Compliance Program is dynamic; we intend to regularly review and modify our Compliance Program to meet our evolving compliance needs. Accordingly, the Compliance Program may be amended or revised by Genentech from time to time.

1. Leadership and Structure

Genentech's Chief Compliance Officer has overall responsibility for oversight of Genentech's Compliance Program. This includes oversight of the development and operation of the Compliance Program. The Chief Compliance Officer has been vested with the authority relating to compliance within the organization and shall exercise independent judgment concerning these matters. In this role, the Chief Compliance Officer reports directly to the Chief Executive Officer. Genentech’s Chief Healthcare Compliance Officer reports into the Chief Compliance Officer. The Chief Healthcare Compliance Officer is responsible for overseeing the healthcare compliance policies and makes reports to the Board of Directors concerning operation of the Compliance Program.

2. Written standards

Genentech has adopted the Company's U.S. Pharma Code of Conduct which helps to guide our daily operations and reflects the unique business and regulatory environment in which we operate. Our U.S. Pharma Code of Conduct reflects our consideration of the OIG Guidance.

Annual Spending Limit

Genentech also has established guidance regarding appropriate interactions with health care professionals. It is Genentech's policy to comply with the Pharmaceutical Research and Manufacturers of America (PhRMA) "Code on Interactions with Health Care Professionals," dated January 1, 2022, which includes limits on gifts, meals and other activities with health care professionals.

For purposes of complying with the California Health and Safety Code 119402, Genentech has established, commencing July 1, 2005, a maximum annual aggregate dollar limit of $2,000 for gifts, promotional materials or activities provided to California health care professionals. This dollar limit represents a spending cap, not a goal or average, and typically the amount spent per physician is anticipated to be substantially less than this maximum amount. Waiver of the limit would require the approval of the Chief Healthcare Compliance Officer.

To attempt to assure that health care professionals ("HCP") fully understand our products, Genentech representatives may take time to explain the benefits and risks associated with them, as well as the relevant clinical efficacy studies and mechanisms of action, where appropriate. Some of these informational and educational presentations may take place over the course of a modest meal to avoid taking HCPs away from important time with their patients.

On occasion, Genentech does provide medically-relevant and patient-oriented items to HCPs that conform to the PhRMA Code. Some examples include anatomical models, patient education charts and information that is useful for patients in understanding or managing their condition and/or treatment.

3. Education and Training of Genentech Staff

A critical element of our Compliance Program is education and training. Genentech is committed to implementing programs to effectively and timely communicate our directives and guidance to affected personnel. New personnel will receive such training as part of their initial training and existing personnel are expected to receive compliance training on at least an annual basis. Moreover, Genentech will review and update its training programs periodically, as well as identify additional areas of training on an ongoing basis.

4. Internal Lines of Communication

We expect Genentech employees, officers and directors to promptly report suspected, planned or actual violations of our directives and guidelines and/or laws which govern our commercialization activities. We encourage reports to be made to a supervisor, manager, or directly to the Chief Healthcare Compliance Officer. If these individuals are not available or if the reporter prefers, reports of violations, including those from outside the company, may be made on an anonymous basis via gCom, Genentech's Compliance and Ethics toll-free phone line. gCom is available 24 hours a day, 7 days a week by calling (866) 411-4266.

We also encourage our employees, officers, and agents to ask questions about any activity where they are unclear about a potential violation or application of our Compliance Program. Questions may be posed through any of the established channels.

Acts of retaliation or retribution against an employee or officer who in good faith reports a potential, suspected, planned or actual violation or application of our directives and guidelines and/or laws which govern our activities are not permitted and will be dealt with appropriately.

5. Auditing and Monitoring

It is a role of the Chief Healthcare Compliance Officer to develop a plan for auditing and monitoring compliance with Genentech's Compliance Program and the implementation of related directives and guidelines. These audits are intended to identify potential or existing problem areas and to take corrective measures in an effort to prevent the recurrence of non-compliance. The nature of our reviews as well as the extent and frequency of our compliance monitoring and auditing varies according to a variety of factors, including new regulatory requirements, changes in business practices and other considerations.

6. Responding to Potential Violations

An additional role of the Chief Healthcare Compliance Officer, or a designee, is to oversee the review of non-compliance reports and determine whether further investigation is necessary. Audit findings also are reported to the Chief Healthcare Compliance Officer. When deemed necessary, the Chief Healthcare Compliance Officer, or a designee, will conduct an investigation into potentially non-compliant activity to determine whether a violation of Genentech’s directives and guidelines has occurred. As necessary to evaluate a report, audit findings, or to undertake further investigation, the Chief Healthcare Compliance Officer may request the assistance of outside experts or legal counsel.

7. Corrective Action Procedures

Another role of the Chief Healthcare Compliance Officer is to oversee the implementation of corrective measures in response to non-compliance with Genentech's directives and guidelines. Corrective measures take into account the findings of reviews of non-compliance, and may include appropriate and consistent disciplinary action regardless of the individual's position within the organization (up to and including termination), assessing whether enhancements should be made to our policies, practices, training, or internal controls, and taking action to prevent future non-compliance.

Genentech is committed to compliance and continually strives to monitor and improve compliance with respect to Genentech’s directives and guidelines.

Declaration

As part of Genentech's continuing commitment to corporate compliance, Genentech declares that, to the best of its knowledge, and based on a good faith understanding of the statutory requirements of California Health and Safety Code sections 119400 and 119402, it has adopted a Comprehensive Compliance Program as mandated by this California law. As of the date of this declaration, Genentech believes it is in compliance with its Compliance Program in all material respects.

Consistent with Genentech's understanding of the California statute, this declaration is limited to those activities undertaken by Genentech that are directed to California. Genentech makes this declaration, in good faith, in the absence of clarifying regulations or guidance from the State of California. This declaration reflects our consideration of the OIG Guidance, which gives broad discretion to manufacturers in the development, design, and definition of the scope of compliance programs.

Copies of this declaration and the Compliance Program may be obtained by calling our Healthcare Compliance Office at (650) 225-4426.

Dated: July 1, 2024