Disclosure LibraryPractitioner guidance for every reporting disclosure
Home Disclosure Library ESRS ESRS G1 G1-1
ESRS G1: Business Conduct · 2026-5010-final
Disclosure Requirement G1-1

Policies (Business Conduct)

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official EFRAG source.

Dr Ross Kurinko, Sustainability Reporting Trainer
Reviewed by Dr Ross Kurinko · Sustainability Reporting Trainer LRA educational guidance · Not issued or endorsed by EFRAG
To prepare this disclosure
Disclosure focus

This disclosure asks an organisation to explain whether it has formal policies that set expectations for business conduct, and how those policies are used in practice. The focus is not just on saying a policy exists, but on showing what it covers, who it applies to, and whether it is embedded in day-to-day decision-making rather than sitting only on paper.

In practical terms, the organisation should think about coverage across the whole business, not only a few flagship sites or headquarters functions. A useful report will make clear whether the policy applies group-wide, to specific entities, operations or activities, and whether there are any important gaps, exceptions or differences in implementation across locations or parts of the business.

This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official EFRAG source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation

Key datapoints to prepare

Datapoint What to capture Evidence hint Owner
Policy title The exact name used for the policy in the organisation’s records, as approved and currently in use. Approved policy register, intranet policy page, or board/management paper showing the current title. Legal / Compliance
Policy coverage A plain description of what the policy applies to, including the business areas, activities or entities it covers. Policy scope section, group policy framework, or entity applicability matrix. Legal / Compliance
Coverage share The proportion of the organisation’s own operations and relevant upstream or downstream activities that fall within the policy’s reach, expressed as a number. Coverage assessment, operational boundary mapping, or value-chain scoping workbook. Sustainability / Risk
Policy aims The main outcomes the policy is intended to achieve, stated in business terms and aligned to the approved document. Policy objectives section, strategy paper, or management approval pack. Sustainability / Strategy
Anti-bribery policy Whether the organisation has a formal policy covering bribery and corruption prevention. Approved anti-bribery or anti-corruption policy, policy register, or compliance framework. Legal / Compliance
UN alignment Whether the anti-corruption policy is stated to align with the United Nations approach referenced by the organisation. Policy text, approval paper, or compliance statement showing the stated alignment. Legal / Compliance
Speak-up policy Whether there is a formal policy that lets people raise concerns or report wrongdoing through a whistleblowing route. Whistleblowing policy, speak-up procedure, or ethics hotline policy. Legal / Compliance
Whistleblower law coverage Whether that whistleblowing policy is framed to cover the legal protections or requirements that apply in the relevant jurisdictions. Policy wording, legal review note, or jurisdictional compliance mapping. Legal / Compliance
Sensitive roles The job families, functions or positions that are treated as higher exposure to bribery or corruption risk. Risk assessment, role-based controls matrix, or anti-corruption training scope. Risk / Compliance
Risk countries The countries or territories identified as higher risk for bribery or corruption exposure in the organisation’s assessment. Country risk assessment, third-party risk map, or compliance risk register. Risk / Compliance
Public-sector exposure A description of where the organisation’s activities involve contact with public officials, regulators or other public bodies. Government interaction log, sales pipeline notes, licensing records, or public affairs register. Risk / Compliance
+ Show G1-1 sub-elements (LRA working checklist)

How to prepare it

1Start by fixing the reporting boundary for this policy disclosure. Decide which business units, sites and activities are in scope, and make that boundary consistent across the narrative and any figures you report.
2Set out the policy details in plain business language. Capture the policy title, what it is meant to achieve, and whether it covers anti-corruption and whistleblowing matters, including any stated links to UN principles or legal coverage where relevant.
3Map the policy to the parts of the business it actually reaches. Record whether it applies to operations only, the wider supply or value chain, or both, and identify the roles, functions and locations that fall under it.
4Gather the source material that supports each entry before drafting. Use the approved policy text, internal registers, training or compliance records, and any location or role lists needed to confirm the countries or public-sector exposure you describe.
5Prepare the final disclosure in the format needed for each datapoint. Where the item asks for a yes/no response, make sure the answer matches the underlying evidence; where it asks for text, write a concise explanation that reflects the documented scope, coverage and objectives.
6Before sign-off, check the draft against the official source and note any exclusions, assumptions or changes in wording. Confirm that the reported scope, coverage and supporting statements are internally consistent and that nothing has been added, omitted or broadened beyond the source material.
Request the data

Request the business conduct policy pack and coverage details

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

Which policies and related coverage details do we need to describe our business conduct controls for the reporting period?

Use your organisation’s own policy names, control labels and team names first, then map them to the reporting disclosure. Keep the ask in everyday internal language rather than framework wording, and check the source documents before sign-off.

Weak request

Please provide the ESRS G1:G1-1 policy disclosures, including the policy name, scope, coverage, objectives, anti-corruption alignment, whistleblower coverage, high-risk functions, high-risk countries, and exposure to public authorities.

Why it fails: This uses framework language that many internal owners will not use day to day, so it is harder to route and answer quickly. It also bundles several concepts without telling the owner which documents to pull, where to look, or how to describe the business areas in their own terms.

Better request

Please send the latest business conduct policy documents and a short summary covering: the document names, what each one is for, which parts of the business or group they apply to, whether we have an anti-bribery / corruption policy, whether we have a speak-up policy and who it covers, which roles or locations carry higher exposure, which markets we treat as higher risk, and where we deal with public bodies or officials. Use our internal terms first, then we will map them to the reporting disclosure. Please check the source documents before sign-off.

Formal email template
Subject: Request for policy pack and coverage details for [reporting period]

Hi [name],

We are pulling together the evidence pack for our [reporting period] sustainability reporting. Could you please send the current documents and a short summary for the business conduct policy area?

Please include:
- the policy name(s)
- what each document covers
- which parts of the business or group are included
- the main aims of each document
- whether we have a policy covering anti-bribery / corruption matters
- whether we have a speak-up / whistleblowing policy
- whether the speak-up route covers the relevant legal entities and workers we need to include
- the roles, functions and locations that carry higher exposure
- any countries or markets we treat as higher risk
- any areas where we deal directly with public bodies or officials

If it is easier, you can send a link to the latest approved version plus a short note confirming the points above. Please use our internal terms where possible, and we will map them to the reporting disclosure. Please also check the source documents before sign-off.

Thanks,
[preparer name]
Short Teams / Slack version
Hi [name] — could you share the latest policy docs and a short note on scope, coverage, aims, higher-risk roles/locations, and any public-sector touchpoints for [reporting period]? Please use our internal terms. We’ll map them to the reporting disclosure and check the source docs before sign-off. धन्यवाद / Thanks, [preparer name]
Industry examples
Manufacturing

Context. A group with overseas sales teams, customs activity and third-party distributors.

Adapted request. Please share the latest ethics, anti-bribery and speak-up documents, plus a short note on which plants, sales teams, distributors and countries they cover, and where we have customs, licensing or other public-authority touchpoints.

Example response. Policy pack includes the Code of Conduct, Anti-bribery Policy and Speak-Up Policy. Coverage: group-wide for employees and contractors; distributor clause applies to appointed third parties. Higher-exposure roles: export sales, customs brokerage, tendering and government account managers. Higher-risk markets: Country A, Country B and Country C. Public-authority touchpoints: customs clearance, import permits and local licensing.

Financial services

Context. A regulated business with client onboarding, market-facing teams and a formal speak-up channel.

Adapted request. Please provide the conduct, anti-bribery and speak-up documents, and confirm which legal entities, client-facing teams and overseas offices they cover, plus any roles with higher exposure and any dealings with regulators or public bodies.

Example response. Documents: Conduct Policy, Anti-Corruption Standard and Speak-Up Procedure. Coverage: all regulated entities and employees; contractors included in the speak-up route. Higher-exposure roles: onboarding, relationship management, procurement and public-sector sales. Higher-risk locations: Region X and Region Y. Public-authority touchpoints: licensing, supervisory reviews and permit applications.

Draft your disclosure

Notes that turn data into a disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

This disclosure can explain which policies were reviewed, how the organisation defined their scope and coverage, and what counts as a high-risk role, location or external exposure for the purposes of the data set.

Context note

Taken together, these data points show whether the organisation has formal controls in place, how far they extend across operations and the value chain, and where the main corruption-related risk areas are concentrated.

Fluctuation statement

If the figures or coverage changed from the prior period, the reporter can attribute that to policy updates, a broader or narrower scope, changes in the list of higher-risk roles or countries, or a revised view of exposure to public authorities.

Content index entry
G1-1 Policies (Business Conduct) — [location / page] / [notes]
Download Centre

Preparation tools & forms

Professional preparation tools for G1-1 — free with an LRA Community membership. Register once (it's free) and every download unlocks, together with the Disclosure Library, templates and the LRA AI-assistant.

Free · Community members
Go deeper · G1-1
Learn to prepare this disclosure end-to-end

This guide covers one Disclosure Requirement. The ESRS / CSRD Reporting course walks the full European workflow — double materiality, datapoints, evidence and assurance — with exercises on your own data.

Available as Guided Flex, Live Cohort, 1:1 Expert Mentorship or Corporate Programme.

Assurance readiness

For each claim, check the evidence

ClaimRiskEvidence to check
We limited the coverage figure to the parts of the business we had actually reviewed for this topic, and we can show how we decided what was in and what was left out.An assurer will probe whether the boundary was set consistently, whether any relevant entities, sites or activities were omitted, and whether the inclusion/exclusion logic was applied in the same way across the reporting period.['Boundary-setting memo or reporting note showing the inclusion/exclusion rules used for the figure', 'List of entities, sites, functions or activities included in the review, with reasons for any exclusions', 'Internal sign-off or review trail confirming the boundary decision']
We based the disclosed figure on the operations and roles we had mapped as higher exposure areas, and we kept the underlying mapping so it can be traced back.An assurer will test whether the higher-risk areas were identified using a clear method, whether the mapping was complete, and whether the disclosed scope matches the underlying risk assessment.['Risk assessment or mapping document identifying the higher-exposure functions, roles, locations or activities', 'Source data or registers used to build the mapping', 'Version-controlled working papers showing how the disclosed scope was derived from the risk assessment']
Where we used a defined term in the disclosure, we applied the same internal meaning throughout and checked that the wording matched our source materials.An assurer will look for inconsistent use of key terms, a mismatch between the narrative and the source definition, or a definition that was applied selectively.['Internal glossary or policy definitions used for the disclosure', 'Draft-to-final comparison showing consistent use of the term', 'Review notes confirming the wording was checked against the source definition']
For the policy information, we pulled together the policy name, what it covers, where it applies, and what it is meant to achieve, then checked that each part was stated clearly.An assurer will test whether the policy description is complete, whether the stated coverage matches the actual policy documents, and whether the objectives are supported by the underlying text.['Current policy documents and any related procedure documents', 'Summary table linking each policy to its scope, coverage and stated purpose', 'Management review or legal/compliance review confirming the summary is accurate']
We confirmed that the anti-corruption and anti-bribery policy set was current and aligned with our internal framework before we published the disclosure.An assurer will probe whether the policy was actually in force, whether it covered the relevant risks, and whether the disclosure overstates the maturity or completeness of the policy set.['Approved anti-corruption and anti-bribery policy documents with effective dates', 'Policy review or approval records showing the latest update cycle', 'Cross-check between the disclosure and the policy text']
We checked that the whistleblowing policy was in place and active at the reporting date, and we retained the approval trail and version history.An assurer will test whether the policy existed at the relevant date, whether it was formally approved, and whether the disclosure is based on a current document rather than a draft or obsolete version.['Whistleblowing policy document with approval date and version control', 'Evidence of publication or internal communication of the policy', 'Document control records showing the policy was current at the reporting date']

Evidence pack to prepare

Common reporting gaps

Figures are stated without the supporting narrative, or narrative without figures.Scope is inconsistent between the text and the numbers.The reporting boundary is left undefined.Material changes since the previous period are not disclosed.Estimates and measured values are not distinguished.Source records for the figures are not identified.
Common gaps

Mistakes to avoid when collecting the data

Wrong owner, wrong language
The request goes to a team that does not hold the policy record, or it is framed in framework terms instead of the organisation’s own policy names and business wording.
Scope left vague
The collector never pins down which policy set, business area, or entity boundary is in view, so different people send different versions of the same item.
Coverage basis mixed up
Operational sites and value-chain coverage are pulled into one count or description even though they need to stay separate in the source data.
+ Show 6 more

Where judgement is often needed

How to treat a business bought or sold during the year
Decide whether the policy list and coverage figures reflect the group as it stood at the reporting date or include a newly acquired or recently disposed business for part of the year, and explain the cut-off used.
Where local wording differs from group wording
If country teams use different labels or legal terms for the same conduct rule, map them to one group description and note any places where the local version is narrower or broader.
Whether a borderline team counts as in scope
Set out the rule used for staff or contractors who sit close to the boundary, such as shared-service teams, temporary workers or outsourced roles, and say how you decided they belong in or out.
+ Show 5 more
Examples

Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Illustrative (synthetic) example — Consumer goods manufacturing

We describe a group-wide anti-bribery and integrity policy that applies to our own sites and the parts of the supply chain where we have direct oversight, and it is aimed at preventing misconduct and supporting ethical conduct. The policy is built to align with the recognised sustainability principles, and we also maintain a separate speaking-up policy that covers employees and contractors and is intended to meet the legal protections available in the jurisdictions where we operate. - The integrity policy covers 100% of our owned operations and 85% of tier-1 suppliers by spend; it is active across all business units. - We identify 42 roles as more exposed to bribery risk, mainly procurement, sales, customs, logistics and government-facing managers; 18 of those roles sit in three higher-risk countries, and 12 roles regularly deal with public bodies.

Synthetic example for practitioner review only. It shows how to narrate the policy name, where it applies, what it is meant to achieve, whether the anti-corruption and speaking-up arrangements exist, whether the anti-corruption policy is aligned to the UN Compact, and which roles, countries and public-authority touchpoints are treated as higher risk.

Illustrative (synthetic) example — Transport and logistics

Our compliance framework includes a gifts, hospitality and anti-corruption policy for the company and the controlled entities we manage, with the aim of reducing bribery risk and reinforcing fair dealing. We also run a confidential reporting policy that is designed to operate in line with local legal protections, and the anti-corruption policy is mapped to the recognised sustainability principles. - The policy reaches 100% of our operating sites and 70% of our key intermediaries by contract coverage; it is intended for all staff and relevant third parties. - We classify 27 positions as higher exposure, including customs brokers, fleet managers, tendering staff and country leads; 9 of those positions are in two higher-risk countries, and 7 positions involve routine contact with regulators or other public bodies.

Synthetic example for practitioner review only. It demonstrates a different sector and wording while still covering the policy title, who and what it applies to, the intended purpose, the existence of anti-corruption and whistleblowing arrangements, the UN alignment, and the main higher-risk roles, countries and public-authority interfaces.

Company reportsReal published reports
Compare side by side →Get it free

How companies report G1-1 in practice

Real reports where this topic is disclosed. These are report practice, not exact disclosure templates to copy.

Grifols, S.A.
Pharmaceuticals / Biotech / Life Sciences · Spain · 2024
Open report →
Grifols, S.A.’s 2024 Integrated and Sustainability Annual Report includes narrative evidence on compliance with its Anti-Corruption Policy, highlighting review processes tailored to different types of business conduct on page 194 and guidelines for employee interactions on page 197. The report also references training related to anti-corruption policies on page 193 and mentions risk assessments connected to corruption on page 189, though the numeric disclosure there is unclear. However, several expected narrative items related to anti-corruption are not found elsewhere in the report.
Assicurazioni Generali S.p.A.
Banks / Diverse Financials / Insurance · Italy · 2024
Open report →
Assicurazioni Generali S.p.A.’s 2024 Annual Integrated Report includes narrative coverage of its Anti-Bribery and Anti-Corruption (ABC) policy, described as part of its broader business conduct policies and supported by operational guidelines that define approaches and processes (p.174). The report also references analyses of business conduct impacts and risks, including value chain exposure, though these are not clearly quantified (p.102). However, several expected narrative disclosures are missing or unclear, with no clear numeric values or detailed descriptions found beyond the policy references.
Fluidra, S.A.
Electrical Equipment and Machinery · Spain · 2025
Open report →
Fluidra’s 2025 Integrated Annual Report includes a clear disclosure of its anti-corruption policy on page 238, indicating the company has established measures related to business conduct. Additionally, page 301 references business conduct policies and corporate culture, including policies managing sustainability issues in supply chain management, although these are not detailed clearly. However, the report lacks specific numeric data or comprehensive narrative disclosures on other aspects of business conduct policies, with several datapoints not found or unclear throughout the document.
✓ LRA AI Assistant · Human-in-the-loop
Dr Ross Kurinko
Ask Study Studio AI assistant about this disclosure
Get practical answers for your reporting context. Your first two answers are free — join LRA Community for free to continue without a limit.
TryHow do I prepare G1-1?What data do I need to collect?Where can I see a real-report example?What mistakes should I avoid?
2 free answers
Check your understanding

Scenarios to work through

A group finance team has one conduct policy for the parent company, but the overseas sales subsidiary uses a separate local code and the procurement team follows a third document. The reporting lead is deciding whether to describe one group-wide policy or several separate ones.

QShould the disclosure present a single policy set or explain the different documents and where each one applies?
Reveal model answer →

A preparer has a draft anti-bribery policy, but it only mentions employees and says nothing about agents, distributors, or other third parties used in sales. The team is unsure whether that is enough for the business conduct note.

QCan the policy be described as covering the organisation’s conduct risks if it only speaks to staff and not to outside parties acting for it?
Reveal model answer →

The compliance team has a whistleblowing procedure for employees in the UK, but contractors in another country use a separate hotline run by a local provider. The reporting lead is deciding how to answer the policy question for the year-end report.

QHow should the preparer decide whether to present this as one reporting channel or as multiple arrangements with different legal reach?
Reveal model answer →

A multinational has identified customs brokers, public-sector sales contacts, and permit applications as the areas where conduct risk is highest. The draft note lists these activities, but it does not say which countries are most exposed or whether dealings with public bodies are part of the picture.

QWhat should the preparer do when the risk profile is driven by certain roles, locations, and contact with public bodies?
Reveal model answer →
Framework references

Related framework references

How this disclosure maps across the major reporting frameworks.

ESRS
G1-1
within ESRS G1: Business Conduct
Open official source →
Primary
Related & explore
Go deeper · G1-1
Learn to prepare this disclosure end-to-end

This guide covers one Disclosure Requirement. The ESRS / CSRD Reporting course walks the full European workflow — double materiality, datapoints, evidence and assurance — with exercises on your own data.

Available as Guided Flex, Live Cohort, 1:1 Expert Mentorship or Corporate Programme.

FAQ

Questions this page answers

For G1-1, what data points do I need to gather before I can draft the disclosure?+
How do I use the step-by-step 'how to prepare' section for G1-1?+
What should I include in the scope and coverage for a G1-1 business conduct policy disclosure?+
Who should own the G1-1 data collection in practice: ESG, HR, legal or the policy owner?+
What evidence pack do I need to make G1-1 assurance-ready?+
What are the six assurance claims I need to verify for G1-1?+
What are the common reporting gaps or mistakes to avoid in a G1-1 disclosure?+
How do I turn the G1-1 data into a draft disclosure?+
What should I use the G1-1 workbook and printable Library Card for?+
Does the G1-1 page give real company examples I can compare against?+
What kind of illustrative example does the G1-1 page provide?+
More questions this page can help with
G1-1 business conduct disclosure checklist: what should I collect before drafting?How do I scope policy coverage and coverage share for G1-1?What evidence should sit behind a G1-1 anti-bribery policy disclosure?How do I document UN alignment in a G1-1 disclosure using the workbook?What is the best way to assign ownership for G1-1 policy data and evidence?How do I use the G1-1 narrative starters to write the disclosure?What are the most common mistakes in G1-1 business conduct reporting?How do I use the synthetic example table in the G1-1 page?What should an assurance reviewer look for in the G1-1 evidence pack?Where can I find real company report examples for G1-1 business conduct?How do I capture whistleblower law coverage and speak-up policy details for G1-1?What should go into the content-index line for a G1-1 draft output?
How this library is built 312 published reports indexed 63171 pages with page-level citations 247 practitioner guides