California Comprehensive Compliance Program

Exelixis, Inc. is committed to establishing and maintaining a comprehensive and effective compliance program in accordance with California SB 1765 (California Business & Professions Code 119400, 119402), and the Office of Inspector General, U.S. Department of Health and Human Services, "Compliance Program Guidance for Pharmaceutical Manufacturers" (OIG Guidance).

Our Compliance Program reflects our unwavering commitment to the highest standards of corporate conduct and integrity.

COMPREHENSIVE COMPLIANCE PROGRAM DESCRIPTION

The Exelixis Compliance Program, described in further detail below, contains policies, procedures and processes to address risk areas identified in the OIG Guidance and the Pharmaceutical Research and Manufacturers of America "Code on Interactions with Healthcare Professionals" (the "PhRMA Code"). We believe that our Compliance Program is scalable to address the size, organizational structure and operations of our company. As recommended by the OIG Guidance, the Exelixis Compliance Program is regularly reviewed and evaluated to help ensure it continues to meet the evolving needs of our company.

COMPLIANCE PROGRAM OVERVIEW

1. Leadership and Structure

Healthcare Compliance Officer. Exelixis has appointed a Healthcare Compliance Officer, who is charged with establishing, operating and monitoring the Compliance Program. The Healthcare Compliance Officer has direct access to the Exelixis Board of Directors and senior management. The Healthcare Compliance Officer provides regular reports on the status of the Compliance Program to Exelixis senior management, the Exelixis Compliance Committee, and the Exelixis Board of Directors.

Compliance Committee. Exelixis has appointed a Compliance Committee to advise and assist the Compliance Officer in the implementation of the Compliance Program. The Compliance Committee is comprised of senior management from functional units across the company. It meets on a regular basis to assess the compliance program and identify areas for enhancement.

2. Written standards

Exelixis has established written policies and procedures to ensure compliance with the OIG Guidance and PhRMA Code, including the Code of Conduct and Ethics Policy, Policy on Interactions with Healthcare Professionals, and other complimentary policies that outline the company's commitment to compliance and corporate accountability. The standards set forth in the policies apply to all Exelixis employees and adherence to company policies is a condition of employment.

Exelixis does not permit gifts, promotional materials, items, or activities prohibited by the PhRMA Code, OIG Guidance, or FDA regulations. For items and activities that are not prohibited, Exelixis has set a cumulative annual spending limit of $2,500 per healthcare professional, outside of the context of legitimate investigative and consultative arrangements. We track and monitor compliance with this promotional spending limit to the best of our ability and will modify our internal processes as necessary.

3. Education and Training

All employees are required to receive compliance training applicable to their job function and responsibilities, which includes training on the Compliance Program and Exelixis policies. In addition, further specialized training may be provided where a need for additional training has been identified. Annual healthcare compliance training is required of all employees, contractors and agents who engage in, or support, commercial activities. Exelixis regularly reviews and updates its training programs to help ensure it continues to meet the educational needs of its employees.

4. Internal Lines of Communication

Exelixis is committed to open dialogue between management and employees. Our goal is to foster a "speak up" culture where employees may ask questions or report potential instances of inappropriate activity without fear of retribution. We have established a confidential and anonymous Exelixis Helpline number that is available 24 hours a day, seven days a week for reporting known or suspected violations of Exelixis policies.

5. Auditing and Monitoring

Exelixis recognizes that a comprehensive auditing and monitoring plan is critical to maintaining the effectiveness of a Compliance Program. The subject of our auditing and monitoring assessments, as well as the extent and frequency of our reviews, may vary according to a variety of factors, including new regulatory requirements, changes in business practices and other considerations. As appropriate, auditing and monitoring results will be reported to the Legal department and senior management in order to help guide the Exelixis risk-assessment process.

6. Responding to Potential Violations

The purpose of our Compliance Program is to prevent and detect violations of law or company policy. As the OIG Guidance recognizes, however, the implementation of such a program cannot guarantee that improper employee conduct will be entirely eliminated. Nonetheless, it is Exelixis' expectation that employees will comply with the Exelixis Compliance Program, and the policies established in support of such program. In the event that Exelixis becomes aware of violations of law or company policy, we will promptly investigate the matter and, where appropriate, take disciplinary action and implement corrective measures to address potential policy gaps and prevent future violations.

7. Corrective Action Procedures

A key element of the Exelixis Compliance Program is to provide clear disciplinary policies that set out the consequences of violating the law or company policy. After investigation of a reported or detected issue, the company will assess whether disciplinary action is appropriate, and whether a violation is in part due to gaps in our policies, practices, training or internal controls, and take action to prevent future violations.

8. Exelixis Declaration of Compliance

Exelixis, Inc. declares that, to the best of its knowledge, and based on a good faith understanding of the statutory requirements of California Health and Safety Code § 119400 and 119402, as of July 1, 2024, Exelixis, Inc. believes that it is in compliance with its Comprehensive Compliance Program.

CONTACT INFORMATION

For a copy of this Comprehensive Compliance Program Policy, please call 650-837-7000 or email info@exelixis.com.