Governance: Part 2 – Corporate Culture and Business Conduct

11 May 2023

Governance is primarily covered in the ESRS G1 Business Conduct section of the European Sustainability Reporting Standards framework (ESRS, November 2022 draft). Requirement G1-1 represents one of its six main areas. In this article, we cover the information required for reports under the G1-1 Corporate Culture and Business Conduct requirement.

The importance of the G1 standard is described in the first part of the Governance series.

Obviously, the Governance standards (including Requirement G1-1) need to be considered within the remaining ESRS standards, in particular ESRS 1 (General Principles) and ESRS 2 (General Requirements), and other regulations including those outside ESG legislation.

What will businesses be required to report under Requirement G1-1?

Businesses will have to disclose its initiatives to establish, develop, and promote a corporate culture, as well as its business conduct policies. According to ESRS G1, corporate culture means the goals of a business are defined through its values and convictions or, for example, by codes of ethics that governs how the company operates.

The objective of Requirement G1-1 is to report on how the business’s executive, management, and supervisory bodies participate in forming, monitoring, promoting, and assessing corporate culture. It should also reflect the business's ability to mitigate any negative impacts while maximizing its positive impacts related to its business activities, and to monitor and manage the associated risks.

The information should also include a strategy to foster corporate culture, as well as how this strategy is implemented and evaluated.

What exactly will a business have to report?

Under Requirement G1-1, businesses will have to report the following information:

A description of the mechanisms for identifying, reporting, and investigating concerns about unlawful behaviour or behaviour in contradiction to its code of ethics or similar documents. The information must include information on whether the business allows reporting from internal and/or external stakeholders
Anti-corruption and anti-bribery policies consistent with the UN Convention Against Corruption. If the business has no such policies, it must state this condition and whether it has plans to implement them (including a timetable for implementation)
Safeguards for reporting irregularities, including whistle-blower protections that:
1. Protect its workers who refuse to act unethically, even if this refusal may result in a loss of business
2. Prevent retaliation against workers who have been granted whistle-blower status in accordance with applicable law, and against workers who report any unethical conduct.
If the business has no whistle-blower protection policies, it must state this fact and indicate whether it has plans to implement them (including a timetable for implementation)
A statement whether the company is committed to investigating incidents such as corruption or bribery promptly, independently, and objectively
Whether the business has policies in place with respect to animal welfare, where applicable
The business’s strategy for its ethical training, including the target audience, frequency, and depth. This includes identification or definition of the departments/positions that are the most at risk in terms of corruption/bribery.

What aspects must be considered when reporting?

The following aspects should be considered when reporting under Requirement G1-1:

The topics related to corporate culture considered and discussed by executive, management, and supervisory bodies and how often these discussions are held
The topics related to corporate culture promoted in terms of the policies, and what how these topics and values are communicated
How corporate culture is promoted by management
Specific incentives or tools for employees to promote and develop corporate culture.

Why is it important to pay attention to reporting now?

Although the rules defined in the CSRD will not be phased in until 2024, financial institutions, investors, and other entities are already assessing legal, financial, and reputational risks arising from ESG. Any ESG-related deficiencies or misconduct may hinder a firm’s access to financing, its participation in public procurement, or its ability to meet the requirements of its clients or customers who are already starting to address ESG factors with their suppliers and subcontractors.

At the same time, ESG requirements are a global phenomenon and part of today’s reality. The sooner a business begins to implement its ESG policies, the more of an edge it can gain over its competitors.

In conclusion, we would like to note this article is based on the draft ESRS that the EFRAG Board submitted to the European Commission in November 2022. The final form and wording of these standards may therefore be subject to changes and modifications. The adoption of the final ESRS standards by the European Commission is expected in the first half of 2023. We will closely follow further developments and you will learn more in the upcoming parts of our series.

Governance: Part 1 - General outline of new requirements in the area of governance | Governance: Part 3 – Management of Supplier Relationships

More news

Cookie name	Type and function	Source	Storage period
SERVERID	Strictly necessary cookie – Ensures that the user uses the same server during a particular visit/session. The cookie sets the infrastructure provider and represents a functional element.	Solidpixels	Session
CMS-(ID)-FE	Strictly necessary cookie - Stores a unique identifier for a given session on the website	Solidpixels	Session
CMS-(ID)-FE-language	Strictly necessary cookie - Stores a unique identifier for the selected language of the website	Solidpixels	1 day
CMS-(ID)-FE-cookies_allow_ac	Strictly necessary cookie - The cookie stores a visitor's consent settings for the collection of analytical data about his/her movement on the website.	Solidpixels	5 years
CMS-(ID)-FE-cookies_allow_mc	Strictly necessary cookie - The cookie stores a visitor's consent settings for the data collection for marketing purposes.	Solidpixels	5 years
CMS-(ID)-FE-cookies_notification	Strictly necessary cookie - Stores information whether the cookie bar has been confirmed in the past.	Solidpixels	5 years

Cookie name	Type and function	Source	Storage period
_ga	Analytical cookie – The cookie is used to distinguish unique/individual users by assigning a randomly generated number as an identifier. It is included in every page request on your website and is used to calculate visitor data, campaign sessions for page analytics reporting.	Google	2 years
_gat	Analytical cookie – A _gat cookie is used to limit analytics requests in order to restrict the requests sent from your browser to Google services. Cookies have several limitations that can cause excessive reporting of the number of users.	Google	1 day
_gid	Analytical cookie – Registers a unique identifier that is used to generate statistical data about how a visitor uses the website.	Google	1 day
_hjlncludedInSample	Analytical cookie – Used for web analysis by HotJar, identifies the visitor during the session	HotJar	Session
_hjid	Analytical cookie – stores a unique identifier of the website visitor	Hot Jar	1 year
_dc_gtm_UA-*	Analytical cookie – Applies when Google Analytics are embedded via Google Tag Manager. It has the same function as _gat.	Google	Session

Cookie name	Type and function	Source	Storage period
_fbp	Marketing cookie – used to track visits across websites	Facebook	3 months
_gcl_au	Marketing cookie – determines advertising effectiveness on the websites visited by a user	Google Adsense	3 months
NID	Marketing cookie – stores a unique identifier that identifies a returning user and is used for advertising targeting	Google	6 months