Corporate

COMPLIANCE

Mirum Pharmaceuticals, Inc. (“Mirum”) believes that compliance with applicable laws, regulations, and company policies and directives is a critical component of our ability to develop and deliver important new therapies for people living with rare liver diseases.

The purpose of our Compliance Program is to ensure that we fulfill our promise to patients as well as our employees, stakeholders, investors, and the communities in which we serve by committing to the highest standards of ethical behavior. We believe that our behavior reflects who we are at Mirum. We recognize that a robust compliance program is key to maintaining the trust of the public and respect within our industry. Our goal is to be recognized by patients, providers, and payers for delivering superior value and by employees, partners, and investors for having a great corporate culture, partner relations, and customer service.

As part of this commitment, Mirum has established a comprehensive Compliance Program in accordance with the principles set forth by the US Department of Health and Human Services Office of Inspector General (OIG).

Compliance oversight

Mirum has designated a chief compliance officer (CCO) responsible for developing, overseeing, and monitoring the operation of our Compliance Program. Our CCO reports to the chief executive officer. The CCO has effective lines of communication with other departments of the company with access to the board of directors on compliance-related matters as needed. Mirum has also established a Compliance Committee that is chaired by the CCO and comprised of senior-level representatives from various functions across the company. The Compliance Committee supports oversight of Mirum’s Compliance Program and meets quarterly to review and develop action plans to address compliance-related matters.

Policies and procedures

Mirum has a publicly available Code of Conduct setting forth the company’s commitment to compliance by its management, employees, and agents. Mirum has also implemented internal policies requiring all company personnel to comply with appropriate standards and legal requirements, such as laws, regulations, codes, or other guidelines, as may be applicable in the jurisdictions in which we conduct business.

Further, Mirum has adopted policies and practices consistent with the US Pharmaceutical Research and Manufacturers of America (PhRMA) Code and European Federation of Pharmaceutical Industries and Associations (EFPIA) Code that govern our interactions with healthcare professionals (HCPs). These policies include topics such as appropriate support for medical education, use of HCPs as consultants, provision of business courtesies, and promotion of Mirum products within applicable regulatory framework.

Where required, Mirum has implemented a $3000 per HCP per year limit on educational items, meals, promotional materials, or other items they might receive from the company. These limits are exclusive of the value of grants for medical education, medical scholarships, professional services, or other permitted items under the applicable rules and regulations.

Education and training

Education is a key component of our Compliance Program. Mirum personnel are trained on matters addressed in the Compliance Program, including compliance with our Code of Conduct and company policies and how to report concerns. Refresher and update trainings are routinely provided to personnel addressing topics relevant to the industry and their specific roles, including but not limited to interactions with HCPs, product communications, and data privacy.

Reporting and responding

In addition to its open-door policy, Mirum has established compliance reporting mechanisms including a toll-free hotline and web portal by which anyone can make a report of suspicious activity, anonymously if desired. Company personnel must report any suspected violation of the Compliance Program, law, or company policies using any of the available company resources. Mirum will promptly investigate all such reports; employees may not take any action that would interfere with an ongoing investigation. Personnel making good faith reports are protected from any form of retaliation.